mirror of
https://github.com/zebrajr/react.git
synced 2025-12-07 12:20:38 +01:00
103378b1ea
* Prevent javascript protocol URLs * Just warn when disableJavaScriptURLs is false This avoids a breaking change. * Allow framesets * Allow <html> to be used in integration tests Full document renders requires server rendering so the client path just uses the hydration path in this case to simplify writing these tests. * Detect leading and intermediate characters and test mixed case These are considered valid javascript urls by browser so they must be included in the filter. This is an exact match according to the spec but maybe we should include a super set to be safer? * Test updates to ensure we have coverage there too * Fix toString invocation and Flow types Right now we invoke toString twice when we hydrate (three times with the flag off). Ideally we should only do it once even in this case but the code structure doesn't really allow for that right now. * s/itRejects/itRejectsRendering * Dedupe warning and add the unsafe URL to the warning message * Add test that fails if g is added to the sanitizer This only affects the prod version since the warning is deduped anyway. * Fix prod test
61 lines
2.3 KiB
JavaScript
61 lines
2.3 KiB
JavaScript
/**
|
|
* Copyright (c) Facebook, Inc. and its affiliates.
|
|
*
|
|
* This source code is licensed under the MIT license found in the
|
|
* LICENSE file in the root directory of this source tree.
|
|
*
|
|
* @flow strict
|
|
*/
|
|
|
|
export const enableUserTimingAPI = __DEV__;
|
|
|
|
// Helps identify side effects in begin-phase lifecycle hooks and setState reducers:
|
|
export const debugRenderPhaseSideEffects = false;
|
|
|
|
// In some cases, StrictMode should also double-render lifecycles.
|
|
// This can be confusing for tests though,
|
|
// And it can be bad for performance in production.
|
|
// This feature flag can be used to control the behavior:
|
|
export const debugRenderPhaseSideEffectsForStrictMode = __DEV__;
|
|
|
|
// To preserve the "Pause on caught exceptions" behavior of the debugger, we
|
|
// replay the begin phase of a failed component inside invokeGuardedCallback.
|
|
export const replayFailedUnitOfWorkWithInvokeGuardedCallback = __DEV__;
|
|
|
|
// Warn about deprecated, async-unsafe lifecycles; relates to RFC #6:
|
|
export const warnAboutDeprecatedLifecycles = false;
|
|
|
|
// Gather advanced timing metrics for Profiler subtrees.
|
|
export const enableProfilerTimer = __PROFILE__;
|
|
|
|
// Trace which interactions trigger each commit.
|
|
export const enableSchedulerTracing = __PROFILE__;
|
|
|
|
// Only used in www builds.
|
|
export const enableSuspenseServerRenderer = false; // TODO: __DEV__? Here it might just be false.
|
|
|
|
// Only used in www builds.
|
|
export const enableSchedulerDebugging = false;
|
|
|
|
// Only used in www builds.
|
|
export function addUserTimingListener() {
|
|
throw new Error('Not implemented.');
|
|
}
|
|
|
|
// Disable javascript: URL strings in href for XSS protection.
|
|
export const disableJavaScriptURLs = false;
|
|
|
|
// React Fire: prevent the value and checked attributes from syncing
|
|
// with their related DOM properties
|
|
export const disableInputAttributeSyncing = false;
|
|
|
|
// These APIs will no longer be "unstable" in the upcoming 16.7 release,
|
|
// Control this behavior with a flag to support 16.6 minor releases in the meanwhile.
|
|
export const enableStableConcurrentModeAPIs = false;
|
|
|
|
export const warnAboutShorthandPropertyCollision = false;
|
|
|
|
// See https://github.com/react-native-community/discussions-and-proposals/issues/72 for more information
|
|
// This is a flag so we can fix warnings in RN core before turning it on
|
|
export const warnAboutDeprecatedSetNativeProps = false;
|