Skip to content

fix(astro): Avoid injecting meta tags into <head> inside attribute values#21089

Merged
andreiborza merged 1 commit into
developfrom
ab/fix-head-meta-tag-injection-in-attributes
May 21, 2026
Merged

fix(astro): Avoid injecting meta tags into <head> inside attribute values#21089
andreiborza merged 1 commit into
developfrom
ab/fix-head-meta-tag-injection-in-attributes

Conversation

@andreiborza
Copy link
Copy Markdown
Member

@andreiborza andreiborza commented May 21, 2026

addMetaTagToHead previously used string replacement matching on <head> strings. This however also matches when <head> is used in data attribute values, e.g. data-code="<head>...", corrupting the markup.

We now use a regex that skips over quoted strings, so only a real <head> tag gets meta tags injected.

Closes: #21068

@andreiborza
fix(astro): Avoid injecting meta tags into <head> inside attribute va…
e7d2e96 
…lues

`addMetaTagToHead` previously used string replacement matching on `<head>`
strings. This however also matches when `<head>` is used in data attribute
values, e.g. `data-code="<head>..."`, corrupting the markup.

We now use a regex that skips over quoted strings, so only a real `<head>` tag
gets meta tags injected.

Closes: #21068
@andreiborza andreiborza requested a review from a team as a code owner May 21, 2026 05:49
@andreiborza andreiborza requested review from mydea and s1gr1d and removed request for a team May 21, 2026 05:49
sentry[bot]
sentry Bot reviewed May 21, 2026
View reviewed changes
Comment thread packages/astro/src/server/middleware.ts
@andreiborza andreiborza requested review from JPeer264 and chargome and removed request for s1gr1d May 21, 2026 06:34
chargome
chargome approved these changes May 21, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@chargome chargome left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@andreiborza andreiborza merged commit d65915b into develop May 21, 2026
48 checks passed
@andreiborza andreiborza deleted the ab/fix-head-meta-tag-injection-in-attributes branch May 21, 2026 08:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@chargome chargome chargome approved these changes

@mydea mydea Awaiting requested review from mydea mydea is a code owner automatically assigned from getsentry/team-javascript-sdks-framework

@JPeer264 JPeer264 Awaiting requested review from JPeer264

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Meta tag "sentry-route-name" gets inserted in data attribute values in page body causing invalid HTML

2 participants

@andreiborza @chargome