Merge pull request #673 from Baroshem/chore/2.5.1

Baroshem · web-flow · commit 094f5644e86d · 2026-01-16T08:22:42.000+01:00
Chore/2.5.1
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "nuxt-security",
-  "version": "2.5.0",
+  "version": "2.5.1",
   "license": "MIT",
   "type": "module",
   "engines": {
diff --git a/src/module.ts b/src/module.ts
@@ -1,4 +1,4 @@
-import { defineNuxtModule, addServerHandler, installModule, addVitePlugin, addServerPlugin, createResolver, addImportsDir, useNitro, addServerImports, addTypeTemplate } from '@nuxt/kit'
+import { defineNuxtModule, addServerHandler, installModule, addVitePlugin, addServerPlugin, createResolver, addImportsDir, useNitro, addServerImports, addTypeTemplate, hasNuxtModule } from '@nuxt/kit'
 import { existsSync } from 'node:fs'
 import { readFile, readdir } from 'node:fs/promises'
 import { join, isAbsolute } from 'pathe'
@@ -313,6 +313,13 @@ export {}
         nuxt.hooks.callHook('nuxt-security:prerenderedHeaders', prerenderedHeaders)
       })
     })
+
+    // Adjust route rules for Nuxt Hints compatibility
+    if (hasNuxtModule('@nuxt/hints') && nuxt.options.dev) {
+      nuxt.options.routeRules = defu(nuxt.options.routeRules, {
+        '/__nuxt_hydration': { xssValidator: false }
+      })
+    }
   }
 })
 
diff --git a/src/runtime/nitro/plugins/40-cspSsrNonce.ts b/src/runtime/nitro/plugins/40-cspSsrNonce.ts
@@ -6,7 +6,7 @@ const LINK_RE = /<link\b([^>]*?>)/gi
 const NONCE_RE = /nonce="[^"]+"/i
 const SCRIPT_RE = /<script\b([^>]*?>)/gi
 const STYLE_RE = /<style\b([^>]*?>)/gi
-const QUOTE_MASK_RE = /"([^"]*)"/g
+const QUOTE_MASK_RE = /"((?:[^"\\]|\\.)*)"/g
 const QUOTE_RESTORE_RE = /__QUOTE_PLACEHOLDER_(\d+)__/g
 
 function injectNonceToTags(element: string, nonce: string) {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "nuxt-security",`
`3`		`- "version": "2.5.0",`
	`3`	`+ "version": "2.5.1",`
`4`	`4`	`"license": "MIT",`
`5`	`5`	`"type": "module",`
`6`	`6`	`"engines": {`