This repository has been archived by the owner on Feb 1, 2022. It is now read-only.

Support for React 16 #113

Open
svenkatreddy opened this issue Sep 27, 2017 · 4 comments

Comments

@svenkatreddy
Contributor

Now that React 16 is released, looking at support for React 16 with express react views is important.
Also, React 16 now provides two additional methods for the Node server:

renderToNodeStream()
renderToStaticNodeStream()
svenkatreddy added a commit to svenkatreddy/express-react-views that referenced this issue Oct 2, 2017
- upgrade packages to React 16
- upgrade examples to React 16
- update test cases
- Add AUTHORS file
@zpao
Member

zpao commented Oct 13, 2017

You did the first part of this (backwards compatible support) in #106 and I just shipped that in 0.10.3.

Let's do the rest in a new version (0.11) that supports only 16+ and probably shift to using streaming. We can also switch to babel-env and do fewer code transformations, which hopefully speeds things up a bit too.

@svenkatreddy
Contributor Author

svenkatreddy commented Oct 13, 2017

@zpao Thank you for taking the time to look into the PR and merging it into master. I know a lot of people needed this.
Yes, I think babel-preset-env would be a good next step (active PR #115).
After that, streaming would be great.

svenkatreddy added a commit to svenkatreddy/express-react-views that referenced this issue Oct 13, 2017
zpao pushed a commit that referenced this issue Oct 31, 2017
* switch from babel-preset-es2015 to babel-preset-env addresses #112 and #113

* minor letter casing the way it is preferred on Google Analytics Website

* Run prettier after merge

* removing contributors section in favor of separate PR

* change babel config on README to single quote
@eastcoastcoder

There was recently a post on the React blog about a vulnerability with server rendered apps.

The exploit deals with HTML passed as props then rendered with a renderToString method. Express-react-views does this, and there is a large comment block about it here (from at least a year ago).

https://github.com/reactjs/express-react-views/blob/master/examples/dynamic/views/Html.js

The vulnerability itself was actually discovered at the beginning of this month.

https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html

Could this library be updated for React/ReactDOM 16.2.1 (at a minimum)? Or does the call to the replace function in Html.js do enough to avoid this exploit?

@zpao
Member

zpao commented Oct 2, 2018

There are fixes in each 16.x release, so I don't feel the need to set a new minimum version in the peer deps. Otherwise, there's not really anything we can or should do. This library doesn't install a version of React, so we're not directly vulnerable.
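
Added example, not part of the thread and not code from express-react-views or its Html.js: the linked React post describes server rendering of user-supplied attribute names, while embedding props in an inline script is a separate concern, so this sketch shows one application-side check for each. The helper names `pickSafeAttrs` and `serializeForScript`, the allowlist, and the sample input are all assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not code from express-react-views.

// Attribute names this view agrees to forward to an element (constructed list).
const ALLOWED_ATTRS = new Set(['id', 'className', 'title', 'lang']);

// Keep only allowlisted, string-valued attributes, so request data never
// decides which attribute names end up in server-rendered markup.
function pickSafeAttrs(untrusted) {
  const safe = {};
  for (const name of Object.keys(untrusted || {})) {
    if (ALLOWED_ATTRS.has(name) && typeof untrusted[name] === 'string') {
      safe[name] = untrusted[name];
    }
  }
  return safe;
}

// Characters that can close or alter an inline <script> block, plus the two
// line separators that older JavaScript engines reject inside string literals.
const SCRIPT_ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

// Serialize props to JSON that stays inert inside <script>...</script>.
// The \uXXXX escapes are valid JSON, so the client parses the same values.
function serializeForScript(props) {
  const json = JSON.stringify(props) || 'null'; // undefined/functions -> null
  return json.replace(/[<>&\u2028\u2029]/g, (ch) => SCRIPT_ESCAPES[ch]);
}

// Constructed sample input, standing in for values read from a request.
const fromRequest = { title: 'Weekly report', 'bad name"><b': 'x', id: 42 };
const bio = { bio: 'I write </script> and <!-- comments & more' };

console.log(pickSafeAttrs(fromRequest));
console.log(serializeForScript(bio));
```

Neither helper replaces running a patched React release; they only limit what application code hands to the renderer.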
