mirror of
https://github.com/gosticks/fresh.git
synced 2026-06-30 21:30:03 +00:00
This commit escapes `<` `>` and related characters in the serialized state that is encoded into the `<script id=__FRSH_STATE>` tag. This prevents XSS attack occuring through injection of a `</script>` string in island props.