Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Antd Less creates global JavaScript leaks

See original GitHub issue

I have searched the issues of this repository and believe that this is not a duplicate.

Version

3.6.4

Environment

Mac Node.js

Reproduction link

https://github.com/ant-design/ant-design

Steps to reproduce

I’m a maintainer of Less. There were some reported issues of using Antd with Less 3.x. I decided to try adding ant-design to Less tests. But immediately a global leak was detected by Less tests. I got the error message: Global leak detected: colorEasing, tinycolor, colorPalette

It seems that the Less files, when Inline JavaScript is enabled, add functions to the global object.

What is expected?

Less style files should not manipulate or leak into the global object.

What is actually happening?

colorEasing, tinycolor, colorPalette are leaking globally.

If you need help with creating a proper Less plugin (Inline JavaScript is discouraged for security and leak reasons like this), you can ask questions here: https://gitter.im/less/less.js

Issue Analytics

State:
Created 5 years ago
Reactions:3
Comments:9 (2 by maintainers)

Top GitHub Comments

5reactions

matthew-deancommented, Nov 21, 2018

@tylik1 This isn’t directly related to the inline JavaScript issue. This is what that inline JavaScript is doing (leaking into the global namespace), which is its own problem. So this isn’t so much a security vulnerability issue as a performance / memory issue. Antd shouldn’t be calling “Less” code that then has embedded JS code that is injecting vars globally into the Node runtime. There are layers of bad practices here.

3reactions

biw-joelschoucommented, Oct 28, 2020

Is the antd team bailing on this issue? I see the PR to resolve was closed rather unceremoniously (https://github.com/ant-design/ant-design/pull/20470) and switching javascriptEnabled to false in my webpack.config throws errors for .bezierEasingMixin();.

Top Results From Across the Web

Antd Less creates global JavaScript leaks #11097 - Issuehunt

Less style files should not manipulate or leak into the global object. What is actually happening? colorEasing, tinycolor, colorPalette are leaking globally. If ......

Can't import Antd single component without messing up with ...

I'd like to import a few components from the Ant Design React CSS library but I can't manage to get it working. I...

Getting Started - Ant Design

Ant Design React is dedicated to providing a good development experience for programmers. Before starting, it is recommended to learn React and ES2015...

Configure less with ant design in React | by Sunil kumar Banjare

npm install antd @craco/craco craco-antd craco-less less-loader --save. Step 4: Create a new file craco.config.js in same level where your ...

How to use Ant Design with Next.js - LogRocket Blog

Using the next-plugin-antd-less and babel-plugin-import packages and adding some config, we can achieve this. ... After installation, create .