prevent XSS

Author: olegman

package.json

@@ -33,6 +33,7 @@
   },
   "dependencies": {
     "prop-types": "15.x.x",
-    "router-async": "0.5.x"
+    "router-async": "0.5.x",
+    "serialize-javascript": "^1.4.0"
   }
 }

src/server-router.tsx

@@ -1,6 +1,7 @@
 import * as React from 'react';
 import * as PropTypes from 'prop-types';
 import Router, { initParams, initResult } from './router';
+import serialize from 'serialize-javascript';
 
 export default class ServerRouter extends Router {
     static async init(opts: initParams): Promise<initResult> {
@@ -22,9 +23,9 @@ export default class ServerRouter extends Router {
         return (
             <div>
                 {this.props.children ? this.props.children : <this.state.Component {...this.state.componentProps} />}
-                <script dangerouslySetInnerHTML={{ __html: `window.__REACT_ROUTER_ASYNC__=${JSON.stringify({
+                <script dangerouslySetInnerHTML={{ __html: `window.__REACT_ROUTER_ASYNC__=${serialize({
                     state: this.state
-                })};`}} />
+                }, {isJSON: true})};`}} />
             </div>
         )
     }

yarn.lock

@@ -100,6 +100,10 @@ [email protected]:
     path-to-regexp "^1.7.0"
     query-string "^4.3.2"
 
+serialize-javascript@^1.4.0:
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-1.4.0.tgz#7c958514db6ac2443a8abc062dc9f7886a7f6005"
+
 setimmediate@^1.0.5:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"