Make the rendering engine safe

2025-12-22 11:26:57 -05:00 · 2020-10-21 08:43:04 -04:00
parent 7573ff2471
commit fe812048a4
1 changed files with 13 additions and 7 deletions
--- a/lib/react/engine.js
+++ b/lib/react/engine.js
@@ -1,12 +1,11 @@
 const { renderToString } = require('react-dom/server')
 const { transform } = require('./babel')
-
-// These all need to be here even though eslint doesn't think so
-/* eslint-disable */
 const React = require('react')
-const CodeBlock = require('../../dist/react/CodeBlock')
-const CodeEditor = require('../../dist/react/CodeEditor')
-/* eslint-enable */
+
+const components = {
+  CodeBlock: require('../../dist/react/CodeBlock'),
+  CodeEditor: require('../../dist/react/CodeEditor')
+}

 const renderReact = async componentStr => {
  // Get component name as string so we can use it in the class name
@@ -15,10 +14,17 @@ const renderReact = async componentStr => {
  // Add the wrapper and class name so we can later use React hydration on the client
  // side
  const jsx = `<div className="react-component-${componentName}">\n${componentStr}\n</div>`
+
  const component = transform(jsx)

  // eslint-disable-next-line
-  return renderToString(eval(component))
+  const getComponent = new Function(
+    'React',
+    ...Object.keys(components),
+    `${component.replace('React', 'return React')}`
+  )
+
+  return renderToString(getComponent(React, ...Object.values(components)))
 }

 module.exports = {