authordakkar <dakkar@thenautilus.net>2024-02-09 12:19:19 +0000
committerdakkar <dakkar@thenautilus.net>2024-02-09 12:19:19 +0000
commitb029738ec0b3b57b331f027eb19bc70a085e1e8d (patch)
tree630c65f75caaad47e8a1b5d9e28dcb0250844564 /packages/frontend/src/components
parentmerge: fix: quote being returned as null instead of false on mastodon api (!407) (diff)
sanitise some admin-controlled HTML #406
this protects against rogue admins injecting bad HTML into rules/descriptions
Diffstat (limited to 'packages/frontend/src/components')
-rw-r--r--packages/frontend/src/components/MkSignupDialog.rules.vue3
-rw-r--r--packages/frontend/src/components/MkVisitorDashboard.vue3
2 files changed, 4 insertions, 2 deletions
diff --git a/packages/frontend/src/components/MkSignupDialog.rules.vue b/packages/frontend/src/components/MkSignupDialog.rules.vue
index 9e2d7821d5..b7476c6598 100644
--- a/packages/frontend/src/components/MkSignupDialog.rules.vue
+++ b/packages/frontend/src/components/MkSignupDialog.rules.vue
@@ -24,7 +24,7 @@ SPDX-License-Identifier: AGPL-3.0-only
<template #suffix><i v-if="agreeServerRules" class="ph-check ph-bold ph-lg" style="color: var(--success)"></i></template>
<ol class="_gaps_s" :class="$style.rules">
- <li v-for="item in instance.serverRules" :class="$style.rule"><div :class="$style.ruleText" v-html="item"></div></li>
+ <li v-for="item in instance.serverRules" :class="$style.rule"><div :class="$style.ruleText" v-html="sanitizeHtml(item)"></div></li>
</ol>
<MkSwitch :modelValue="agreeServerRules" style="margin-top: 16px;" @update:modelValue="updateAgreeServerRules">{{ i18n.ts.agree }}</MkSwitch>
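Review bot: The sanitiser on the changed `<li>` line is invoked with sanitize-html's default policy and no options, and the same bare `sanitizeHtml(...)` call is repeated in MkVisitorDashboard.vue (its hunk at line 16), so the allow-list that now decides what an admin can still inject into rules and the description is an implicit third-party default duplicated in two components. A small shared helper in a frontend scripts module that passes an explicit `allowedTags`/`allowedAttributes` allow-list, used here as `v-html="sanitizeAdminHtml(item)"`, would make the policy explicit and reviewable in one place and let it be tightened without touching each template. The frontend package.json that must declare `sanitize-html` (imported in both files in the following hunks) is outside this diff; worth confirming it is listed as a direct dependency rather than resolved transitively. The `v-for` on this line also has no `:key`, which predates the change.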
@@ -65,6 +65,7 @@ SPDX-License-Identifier: AGPL-3.0-only
import { computed, ref } from 'vue';
import { instance } from '@/instance.js';
import { i18n } from '@/i18n.js';
+import sanitizeHtml from 'sanitize-html';
import MkButton from '@/components/MkButton.vue';
import MkFolder from '@/components/MkFolder.vue';
import MkSwitch from '@/components/MkSwitch.vue';
diff --git a/packages/frontend/src/components/MkVisitorDashboard.vue b/packages/frontend/src/components/MkVisitorDashboard.vue
index 11707b07f3..2d6e0b59f5 100644
--- a/packages/frontend/src/components/MkVisitorDashboard.vue
+++ b/packages/frontend/src/components/MkVisitorDashboard.vue
@@ -16,7 +16,7 @@ SPDX-License-Identifier: AGPL-3.0-only
</h1>
<div :class="$style.mainAbout">
<!-- eslint-disable-next-line vue/no-v-html -->
- <div v-html="meta.description || i18n.ts.headlineMisskey"></div>
+ <div v-html="sanitizeHtml(meta.description) || i18n.ts.headlineMisskey"></div>
</div>
<div v-if="instance.disableRegistration" :class="$style.mainWarn">
<MkInfo warn>{{ i18n.ts.invitationRequiredToRegister }}</MkInfo>
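Review bot: Whether the `|| i18n.ts.headlineMisskey` fallback on the changed line still engages when `meta.description` is unset now depends on what `sanitizeHtml` returns for a nullish argument; the sanitize-html versions I know return '' for null/undefined, which preserves the old behaviour, but a version that throws or stringifies would break or mis-render the dashboard, so this is worth confirming against the version the frontend pins. This is render-site sanitisation only: the raw admin-supplied description is still stored and served unchanged, so any other component that renders `meta.description` or the server rules with v-html stays unprotected until it gets the same treatment (none are visible in this diff). Keeping the vue/no-v-html eslint-disable above the line is appropriate, as v-html is still used.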
@@ -56,6 +56,7 @@ SPDX-License-Identifier: AGPL-3.0-only
<script lang="ts" setup>
import { ref } from 'vue';
import * as Misskey from 'misskey-js';
+import sanitizeHtml from 'sanitize-html';
import XSigninDialog from '@/components/MkSigninDialog.vue';
import XSignupDialog from '@/components/MkSignupDialog.vue';
import MkButton from '@/components/MkButton.vue';