WingNews logo WingNews
top | item 24559307

(no title)

steadicat | 5 years ago

I'm curious why the compiled version is still referencing React code, instead of defining a standard JS data structure that JSX would compile directly into? This would remove any dependency to React itself, with the added benefit of skipping function calls at runtime. It doesn't look like there's much happening at instantiation that couldn't be done after the fact on plain JS objects: https://github.com/facebook/react/blob/master/packages/react...

discuss

order

j-f1|5 years ago

There were security vulnerabilities a while ago that resulted from people being able to upload React-element-shaped JSON objects in certain places strings were supposed to go. IIRC this allowed for XSS, so React added a special symbol (the $$typeof key) that would have to be imported somehow in order to add it to the plain objects.

steadicat|5 years ago

Interesting. Why not make that special symbol a tiny NPM module with a single published version that any library wishing to support JSX can import?