[fix] remove vestigial JSON server_data (#6382)

* remove vestigial JSON serialization of server_data * remove server_data as an allowed payload script attribute * update test * add changeset
sveltejs · Aug 29, 2022 · 77d0f79 · 77d0f79
1 parent a0147ea
commit 77d0f79
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 14 deletions.
diff --git a/.changeset/quiet-poems-tease.md b/.changeset/quiet-poems-tease.md
@@ -0,0 +1,5 @@
+---
+'@sveltejs/kit': patch
+---
+
+[fix] remove unnecessary JSON serialization of server data
diff --git a/packages/kit/src/runtime/server/page/render.js b/packages/kit/src/runtime/server/page/render.js
@@ -299,15 +299,6 @@ export async function render_response({
 			);
 		}
 
-		if (branch.some((node) => node.server_data)) {
-			serialized_data.push(
-				render_json_payload_script(
-					{ type: 'server_data' },
-					branch.map(({ server_data }) => server_data)
-				)
-			);
-		}
-
 		if (validation_errors) {
 			serialized_data.push(
 				render_json_payload_script({ type: 'validation_errors' }, validation_errors)

diff --git a/packages/kit/src/utils/escape.spec.js b/packages/kit/src/utils/escape.spec.js
@@ -5,22 +5,24 @@ import { render_json_payload_script, escape_html_attr } from './escape.js';
 const json = suite('render_json_payload_script');
 
 json('escapes slashes', () => {
+	// The type here doesn't really matter for the purposes of escaping,
+	// but we want to avoid upsetting TypeScript.
 	assert.equal(
-		render_json_payload_script({ type: 'server_data' }, [
+		render_json_payload_script({ type: 'validation_errors' }, [
 			{ unsafe: '</script><script>alert("xss")' }
 		]),
-		'<script type="application/json" sveltekit:data-type="server_data">' +
+		'<script type="application/json" sveltekit:data-type="validation_errors">' +
 			'[{"unsafe":"\\u003C/script>\\u003Cscript>alert(\\"xss\\")"}]' +
 			'</script>'
 	);
 });
 
 json('escapes exclamation marks', () => {
 	assert.equal(
-		render_json_payload_script({ type: 'server_data' }, [
+		render_json_payload_script({ type: 'validation_errors' }, [
 			{ '<!--</script>...-->alert("xss")': 'unsafe' }
 		]),
-		'<script type="application/json" sveltekit:data-type="server_data">' +
+		'<script type="application/json" sveltekit:data-type="validation_errors">' +
 			'[{"\\u003C!--\\u003C/script>...-->alert(\\"xss\\")":"unsafe"}]' +
 			'</script>'
 	);

diff --git a/packages/kit/types/internal.d.ts b/packages/kit/types/internal.d.ts
@@ -133,7 +133,6 @@ export interface PageNode {
 
 export type PayloadScriptAttributes =
 	| { type: 'data'; url: string; body?: string }
-	| { type: 'server_data' }
 	| { type: 'validation_errors' };
 
 export interface PrerenderDependency {