This is the best behavior so people have seamless upgrades to new React majors.
This is probably a terrible default warning from the ESLint plugin, and we need to wait for https://github.com/yannickcr/eslint-plugin-react/issues/1955 before changing this hardcoded behavior.
Closes#5034
* Updates to reflect service worker registration being opt-in.
* Fixed an anchor link.
* Updates to SWPrecacheWebpackPlugin config, and corresponding docs.
The `formatter` option is incompatible with with `thread-loader`.
The `formatter` option previously accepted a function which was lost during JSON serialization.
* Use file name whitelist to prevent RCE
Use a whitelist to validate user-provided file names. This doesn't cover
the entire range of valid filenames but should cover almost all of them
in practice. Allows letters, numbers, periods, dashes, and underscores.
Opting to use a whitelist instead of a blacklist because getting this
wrong leaves us vulnerable to a RCE attack.
* Allow alphabet characters from all languages
Updated the whitelist to /^[\p{L}0-9/.\-_]+$/u, which matches
alphanumeric characters, periods, dashes, and underscores. Unicode
property support is stage 4 so I've inlined the transpiled version.
* Only use file name whitelist on Windows
* Log error message if file name does not pass whitelist
* Use file name whitelist to prevent RCE
Use a whitelist to validate user-provided file names. This doesn't cover
the entire range of valid filenames but should cover almost all of them
in practice. Allows letters, numbers, periods, dashes, and underscores.
Opting to use a whitelist instead of a blacklist because getting this
wrong leaves us vulnerable to a RCE attack.
* Allow alphabet characters from all languages
Updated the whitelist to /^[\p{L}0-9/.\-_]+$/u, which matches
alphanumeric characters, periods, dashes, and underscores. Unicode
property support is stage 4 so I've inlined the transpiled version.
* Only use file name whitelist on Windows
* Log error message if file name does not pass whitelist
