惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Privacy International News Feed
V
Vulnerabilities – Threatpost
The Last Watchdog
The Last Watchdog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
O
OpenAI News
T
Threat Research - Cisco Blogs
WordPress大学
WordPress大学
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Palo Alto Networks Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
H
Help Net Security
P
Proofpoint News Feed
MyScale Blog
MyScale Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
The Blog of Author Tim Ferriss
H
Hackread – Cybersecurity News, Data Breaches, AI and More
S
Securelist
Vercel News
Vercel News
S
Security Affairs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
B
Blog RSS Feed
云风的 BLOG
云风的 BLOG
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Blog — PlanetScale
Blog — PlanetScale
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Last Week in AI
Last Week in AI
博客园_首页
Attack and Defense Labs
Attack and Defense Labs
G
Google Developers Blog
T
Tor Project blog
Project Zero
Project Zero
腾讯CDC
Schneier on Security
Schneier on Security
月光博客
月光博客
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
L
LINUX DO - 最新话题
P
Proofpoint News Feed
博客园 - 司徒正美
A
About on SuperTechFans
Latest news
Latest news
Scott Helme
Scott Helme
Hacker News: Ask HN
Hacker News: Ask HN
T
Threatpost
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
CERT Recently Published Vulnerability Notes
Google DeepMind News
Google DeepMind News
博客园 - 聂微东

The Astro Blog

Astro 6.4 Astro 6.3 Starlight 0.39 Astro 6.2 What's new in Astro - April 2026 What's new in Astro - March 2026 Astro 6.1 CloudCannon Joins Astro as an Official CMS Partner Astro 6.0 What's new in Astro - February 2026 What's new in Astro - January 2026 Astro 5.17 Supporting the future of Astro The Astro Technology Company joins Cloudflare Astro 6 Beta What's new in Astro - December 2025 What's new in Astro - November 2025 Astro 5.16 Stainless Sponsors Astro, Launches Astro-Powered Docs Platform What's new in Astro - October 2025 Astro 5.15 Spirit of Astro: meet the winning designs What's new in Astro - September 2025 Astro 5.14 Cloudflare Donates $150,000 to Support Astro's Open Source Mission Webflow Donates $150,000 to Support Astro's Open Source Mission Mux: Our Official Video Partner Unleashing creativity: How CodeTV built a video streaming platform with Astro and Mux | Astro What's new in Astro - August 2025 Astro 5.13 What's new in Astro - July 2025 Astro 5.12 Starlight 0.35 Astro 5.11 What's new in Astro - June 2025 Live Content Collections: A Deep Dive Introducing… Astro Mart Astro Solstice Festival Astro 5.10 Astro 5.9 What's new in Astro - May 2025 Astro 5.8 What's new in Astro - April 2025 2025 Technical Steering Committee Starlight April Update Astro 5.7 Astro Agency Partner Program Astro 5.6 What's new in Astro - March 2025 Astro 5.5 What's new in Astro - February 2025 Astro 5.4 Starlight 0.32 Astro 5.3 What's new in Astro - January 2025 Astro 5.2 2024 year in review What's new in Astro - December 2024 Astro 5.1 Astro 5.0 Google IDX: Our Official Online Editor Partner What's new in Astro - November 2024 What's new in Astro - October 2024 Astro x Cloudinary SDK What's new in Astro - September 2024 Community Loaders for Astro Content Layer Astro x Hygraph: Content Loader Astro x Cloudinary: Content Loader Astro x Storyblok: Content Loader Content Layer: A Deep Dive Starlight 0.28 Astro 5.0 Beta Release The $100,000 Astro Ecosystem Fund Fall Update Goodbye Studio, Hello DB What's new in Astro - August 2024 Astro 4.15 Astro 4.14 Astro 4.13 What's new in Astro - July 2024 Astro 4.12: Server Islands Netlify: Our Official Deployment Partner What's new in Astro - June 2024 Astro 4.11 Astro Together 2024 Server Islands The Astro Content Layer Zero-JavaScript View Transitions Astro 4.10 Starlight turns one year old! What's new in Astro - May 2024 Astro 4.9 Astro 4.8 What's new in Astro - April 2024 Astro 4.7 Astro 4.6 What's new in Astro - March 2024 Migrating 500+ tests from Mocha to Node.js Astro DB: A Deep Dive The Astro Developer Portal Astro DB
Astro 0.23 Release Notes
Fred Schott · 2022-02-19 · via The Astro Blog

Astro v0.23.0 has just been released with some new features and highlights:

  • Dynamic File Routes
  • Automatic XSS Protection
  • New set:html and set:text directives
  • Safe access to sensitive environment variables
  • Better builds with Vite v2.8
  • Better stability with @astro/compiler v0.11
  • Better build performance with --experimental-static-builds

Dynamic File Routes

You can now build dynamic, non-HTML files in your project by using Astro’s new file routes. Use file routes to dynamically generate files during your build for things like JSON, XML, or even non-text assets like images. This feature has been one of our most requested since the early days of Astro!

To create a file route inside of your Astro project, create a new JavaScript or TypeScript file inside of your src/pages directory. File routes leverage Astro’s existing file-based router, so be sure to include the final built file extension in the filename.

// Outputs: /builtwith.json

// File routes export a get() function, which gets called to generate the file.

// Return an object with `body` to save the file contents in your final build.

export async function get() {

return {

body: JSON.stringify({

name: "Astro",

url: "https://astro.build/",

}),

}

}

This feature is only available with the --experimental-static-build flag. To learn more, check out the docs.

Automatic XSS Protection

Astro v0.23 begins our migration towards automatic HTML escaping inside of Astro template expressions. This new feature will protect you from accidentally injecting untrusted HTML onto your page. Without it, you open yourself up to Cross Site Scripting (XSS) attacks where malicious users can hijack your site to run untrusted or unexpected code on the page.

<!-- Examples of untrusted HTML injection -->

<div>{`<span>Hello, dangerous HTML</span>`}</div>

<div>{`<script>alert('oh no');</script>`}</div>

<div>{untrustedHtml}</div>

Thanks to React and other component-based UI libraries, XSS vulnerabilities are becoming a thing of the past. Astro is excited to meet this same bar of zero-effort, built-in, automatic XSS protection.

To help our users migrate, Astro v0.23 will log a warning to the console when unescaped HTML is encountered inside of a template expression. In the next version, template expressions will always escape their contents.

New set:html and set:text directives

Two new directives are introduced to support better HTML injection when you need it. As we covered in the previous section, setting HTML directly is risky. However, in some special cases it may be required. Astro created the new set:html directive for those cases. You can think of it like React’s dangerouslySetInnerHTML.

<!-- Examples of explicit HTML setting -->

<div set:html={`<span>Hello, trusted or already escaped HTML</span>`} />

<div set:html={`<script>alert('oh yes');</script>`} />

<div set:html={trustedOrAlreadyEscapedHtml} />

If you don’t want a <div> wrapper, you can also use set:html on the Fragment component for zero wrapping HTML:

- {`<span>Hello, dangerous HTML</span>`}

+ <Fragment set:html={`<span>Hello, trusted or already escaped HTML</span>`} />

set:text is also available to set the element text directly, similar to setting the .text property on an element in the browser. Together, these two directives give you a bit more control over the Astro output when you need it.

Safe access to sensitive environment variables

For security, Vite only loads environment variables that are explicitly opted-in to be exposed with a PUBLIC_ prefix. This restriction makes sense in the browser, and protects you from accidentally leaking secret tokens and values. However, it also meant that private environment variables weren’t available to you at all, even locally inside of server-rendered Astro components.

In Astro v0.23, import.meta.env now lets you access your private environment variables inside of Astro and anytime code renders locally or on the server. Astro will continue to protect you on the client, and only expose PUBLIC_ variables to the frontend that ships to your users.

// DB_PASSWORD is only available when building your site.

// If any code tried to run this in the browser, it will be empty.

const data = await db(import.meta.env.DB_PASSWORD)

// PUBLIC_POKEAPI is available anywhere, thanks to the PUBLIC_ prefix!

const data = fetch(`${import.meta.env.PUBLIC_POKEAPI}/pokemon/squirtle`)

See our Environment Variables documentation to learn more.

Better builds with Vite v2.8

Astro v0.23 comes with an internal Vite upgrade that brings new features and huge stability improvements. Vite’s npm package handling got a boost as well, so that more packages should work in more projects. Check out their changelog to learn more.

Better stability with @astro/compiler v0.11

Astro v0.23 also got a compiler upgrade which should result in noticeable performance and stability improvements across all projects. Check out the changelog to learn more.

Better build performance

You may have noticed the reference to --experimental-static-build above, and the fact that some new features are only available behind this flag. This flag is not new in v0.23, but it continues to improve as we get closer to an official release of the feature. This new “static build” strategy will soon become the default build behavior in Astro.

If you haven’t tried the --experimental-static-build flag out yet in your build, please give it a try and leave us feedback in Discord. Check out our blog post Scaling Astro to 10,000+ Pages to learn more about this future build strategy for Astro.

👋

Thank you for reading! Follow us on Twitter to stay up to date on Astro releases and news.

If you’ve read this far, you should definitely join us on Discord. ;)