You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
currently, the server runtime uses jsesc to serialize the server handoff here which is extremely slow compared to JSON.stringify (almost 10x slower with larger sets of data). as far as i understand this is primarily done to prevent xss attacks but it's very hard sometimes to cut down on loader data size such as when trying to render components based on data received from a headless cms.
hence, i'm wondering if it's possible to use an alternative approach to jsesc?
or if that's not possible, can we add an escape hatch / option for a remix application to use JSON.stringify anyway when serializing the server handoff (with very clear and bold warning that it's subject to xss vulnerabilities, kinda like how react does it with dangerouslySetInnerHTML)? it would save a significant amount of cpu time which is generally quite precious when running code on the edge.
this has been resolved by #3889 available in remix 1.7.0+
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
currently, the server runtime usesjsescto serialize the server handoff here which is extremely slow compared toJSON.stringify(almost 10x slower with larger sets of data). as far as i understand this is primarily done to prevent xss attacks but it's very hard sometimes to cut down on loader data size such as when trying to render components based on data received from a headless cms.hence, i'm wondering if it's possible to use an alternative approach tojsesc?or if that's not possible, can we add an escape hatch / option for a remix application to useJSON.stringifyanyway when serializing the server handoff (with very clear and bold warning that it's subject to xss vulnerabilities, kinda like how react does it withdangerouslySetInnerHTML)? it would save a significant amount of cpu time which is generally quite precious when running code on the edge.this has been resolved by #3889 available in remix 1.7.0+
Beta Was this translation helpful? Give feedback.
All reactions