From b029738ec0b3b57b331f027eb19bc70a085e1e8d Mon Sep 17 00:00:00 2001
From: dakkar
Date: Fri, 9 Feb 2024 12:19:19 +0000
Subject: [PATCH] sanitise some admin-controlled HTML #406 this protects from rogue admins injecting bad HTML in rules/descriptions
---
 packages/frontend/src/components/MkSignupDialog.rules.vue | 3 ++-
 packages/frontend/src/components/MkVisitorDashboard.vue | 3 ++-
 packages/frontend/src/pages/about.vue | 5 +++--
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/packages/frontend/src/components/MkSignupDialog.rules.vue b/packages/frontend/src/components/MkSignupDialog.rules.vue
index 9e2d7821d5..b7476c6598 100644
--- a/packages/frontend/src/components/MkSignupDialog.rules.vue
+++ b/packages/frontend/src/components/MkSignupDialog.rules.vue
@@ -24,7 +24,7 @@ SPDX-License-Identifier: AGPL-3.0-only
    -
  1. +
{{ i18n.ts.agree }}
@@ -65,6 +65,7 @@ SPDX-License-Identifier: AGPL-3.0-only
 import { computed, ref } from 'vue';
 import { instance } from '@/instance.js';
 import { i18n } from '@/i18n.js';
+import sanitizeHtml from 'sanitize-html';
 import MkButton from '@/components/MkButton.vue';
 import MkFolder from '@/components/MkFolder.vue';
 import MkSwitch from '@/components/MkSwitch.vue';
diff --git a/packages/frontend/src/components/MkVisitorDashboard.vue b/packages/frontend/src/components/MkVisitorDashboard.vue
index 11707b07f3..2d6e0b59f5 100644
--- a/packages/frontend/src/components/MkVisitorDashboard.vue
+++ b/packages/frontend/src/components/MkVisitorDashboard.vue
@@ -16,7 +16,7 @@ SPDX-License-Identifier: AGPL-3.0-only
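Review bot: The sanitiser imported in the `@@ -65,6 +65,7 @@` hunk of MkSignupDialog.rules.vue (`import sanitizeHtml from 'sanitize-html';`) arrives without any shared configuration, so each component presumably calls it with the library's default allowlist; the template lines that call it are not legible in this view, so this is inferred. If that is the case, the policy for admin-supplied rules and descriptions is implicit and can shift with a dependency upgrade. A single shared wrapper with explicit `allowedTags`, `allowedAttributes` and `allowedSchemes` would make the policy reviewable and keep the three changed files in agreement. Sanitising only at render time in this frontend also leaves the stored value raw for any other client of the same API, so it is worth confirming whether the server sanitises these fields on write. As a point of style, the third-party import would read better next to the `'vue'` import than between the `@/` aliases.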
-
+
{{ i18n.ts.invitationRequiredToRegister }}
@@ -56,6 +56,7 @@ SPDX-License-Identifier: AGPL-3.0-only