You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
dangerouslySetInnerHTML in YMetrika — src/components/YMetrika/index.tsx
Script string is built via template literal interpolation. Migrate to Next.js <Script> component with strategy="afterInteractive". Remove HTML comments from inside the script body.
Iframe Embed without sandbox — src/components/Embed/index.tsx:17-23 <iframe> renders arbitrary src from MDX without restrictions. Add security attributes:
Problems
dangerouslySetInnerHTMLin YMetrika —src/components/YMetrika/index.tsxScript string is built via template literal interpolation. Migrate to Next.js
<Script>component withstrategy="afterInteractive". Remove HTML comments from inside the script body.Iframe Embed without
sandbox—src/components/Embed/index.tsx:17-23<iframe>renders arbitrarysrcfrom MDX without restrictions. Add security attributes:Also remove deprecated
frameBorderattribute.