Change Details

These are from the reporting tool [snyk](https://snyk.io/) From Snyk: `Unsanitized input from an HTTP header flows into end, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS)` The following files are affected: https://github.com/vitejs/vite/blob/v2.6.12/packages/vite/src/node/server/send.ts#L48 https://github.com/vitejs/vite/blob/v2.6.12/packages/vite/src/node/server/middlewares/transform.ts#L88 https://github.com/vitejs/vite/blob/v2.6.12/packages/vite/src/node/server/middlewares/base.ts#L45 The suggested fix for the above is using `escapeHtml` like in the following [example](https://github.com/mattdesl/budo/commit/e20ad86032547f0ab93f31c6e932bd78a4fb88dd?diff=split#diff-d7dfcb350720309421bbb465055aafdfL97)

These are from the reporting tool [snyk](https://snyk.io/) From https://cwe.mitre.org/data/definitions/79.html: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The following files are affected: https://github.com/vitejs/vite/blob/v2.6.12/packages/vite/src/node/server/send.ts#L48 https://github.com/vitejs/vite/blob/v2.6.12/packages/vite/src/node/server/middlewares/transform.ts#L88 https://github.com/vitejs/vite/blob/v2.6.12/packages/vite/src/node/server/middlewares/base.ts#L45 The suggested fix for the above is using `escapeHtml` like in the following [example](https://github.com/mattdesl/budo/commit/e20ad86032547f0ab93f31c6e932bd78a4fb88dd?diff=split#diff-d7dfcb350720309421bbb465055aafdfL97)

These are from the reporting tool [snyk](https://snyk.io/) From Snyk:https://cwe.mitre.org/data/definitions/79.html: `Unsanitized input from an HTTP header flows into end, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS)`The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The following files are affected: https://github.com/vitejs/vite/blob/v2.6.12/packages/vite/src/node/server/send.ts#L48 https://github.com/vitejs/vite/blob/v2.6.12/packages/vite/src/node/server/middlewares/transform.ts#L88 https://github.com/vitejs/vite/blob/v2.6.12/packages/vite/src/node/server/middlewares/base.ts#L45 The suggested fix for the above is using `escapeHtml` like in the following [example](https://github.com/mattdesl/budo/commit/e20ad86032547f0ab93f31c6e932bd78a4fb88dd?diff=split#diff-d7dfcb350720309421bbb465055aafdfL97)