TeamPiped-mirror/Piped
1
0
Fork 0
mirror of https://github.com/TeamPiped/Piped.git synced 2024-08-14 23:57:27 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix(hyperlinking): purify channel descriptions to prevent XSS vulnerability

Browse source
This commit is contained in:
Amir 2021-07-23 19:28:45 +04:30
parent 5846e90372
commit 4924f06a19
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/components/Channel.vue
View file

@ -4,7 +4,7 @@
<div v-if="channel" v-show="!channel.error"> <div v-if="channel" v-show="!channel.error">
<h1 class="uk-text-center"><img height="48" width="48" v-bind:src="channel.avatarUrl" />{{ channel.name }}</h1> <h1 class="uk-text-center"><img height="48" width="48" v-bind:src="channel.avatarUrl" />{{ channel.name }}</h1>
<img v-if="channel.bannerUrl" v-bind:src="channel.bannerUrl" style="width: 100%" loading="lazy" /> <img v-if="channel.bannerUrl" v-bind:src="channel.bannerUrl" style="width: 100%" loading="lazy" />
<p style="white-space: pre-wrap"><span v-html="urlify(channel.description)"></span></p> <p style="white-space: pre-wrap"><span v-html="purifyHTML(urlify(channel.description))"></span></p>
<button <button
v-if="authenticated" v-if="authenticated"