(cq) replace v-html with v-text to prevent xss
This commit is contained in:
parent
eba06e8ef8
commit
538467dc99
|
@ -18,7 +18,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|||
<div>
|
||||
<ul class="side-menu-setting-list">
|
||||
<li v-for="item in values" class="side-menu-setting-list-item" v-on:click="showEditForm(item)">
|
||||
<span v-html="item.en"></span>
|
||||
<span v-text="item.en"></span>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
|
@ -29,7 +29,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|||
<Modal v-if="addForm" @close="hideAddForm">
|
||||
<div class="modal__content">
|
||||
<div v-for="lang in langs">
|
||||
<span class="lang" v-html="lang"></span>
|
||||
<span class="lang" v-text="lang"></span>
|
||||
<input type="text" v-model="newValue[lang]" required>
|
||||
</div>
|
||||
|
||||
|
@ -42,7 +42,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|||
<Modal v-if="editForm" @close="hideEditForm">
|
||||
<div class="modal__content">
|
||||
<div v-for="lang in langs">
|
||||
<span class="lang" v-html="lang"></span>
|
||||
<span class="lang" v-text="lang"></span>
|
||||
<input type="text" v-model="editValue[lang]" required>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -17,8 +17,8 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|||
<template>
|
||||
<li v-bind:class="classes">
|
||||
<a v-bind:href="href" :target="target" v-bind:title="label">
|
||||
<span class="side-menu-app-icon" v-html="icon"></span>
|
||||
<span class="side-menu-app-text" v-html="label"></span>
|
||||
<span class="side-menu-app-icon" v-text="icon"></span>
|
||||
<span class="side-menu-app-text" v-text="label"></span>
|
||||
</a>
|
||||
</li>
|
||||
</template>
|
||||
|
|
|
@ -34,7 +34,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|||
<Loader v-if="!items.length" />
|
||||
|
||||
<div class="side-menu-category" v-for="category in items">
|
||||
<h2 class="side-menu-category-title" v-if="category.name != ''" v-html="category.name"></h2>
|
||||
<h2 class="side-menu-category-title" v-if="category.name != ''" v-text="category.name"></h2>
|
||||
|
||||
<ul class="side-menu-apps-list">
|
||||
<SideMenuBigApp
|
||||
|
|
|
@ -18,7 +18,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|||
<li v-bind:class="classes">
|
||||
<a v-bind:href="href" :target="target" v-bind:title="label">
|
||||
<img class="side-menu-app-icon" v-bind:src="icon" v-bind:alt="label" />
|
||||
<span class="side-menu-app-text" v-html="label"></span>
|
||||
<span class="side-menu-app-text" v-text="label"></span>
|
||||
</a>
|
||||
</li>
|
||||
</template>
|
||||
|
|
|
@ -32,7 +32,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|||
<Loader v-if="!items.length" />
|
||||
|
||||
<div class="side-menu-category" v-for="category in items">
|
||||
<h2 class="side-menu-category-title" v-if="category.name != ''" v-html="category.name"></h2>
|
||||
<h2 class="side-menu-category-title" v-if="category.name != ''" v-text="category.name"></h2>
|
||||
|
||||
<ul class="side-menu-apps-list">
|
||||
<SideMenuBigApp
|
||||
|
|
Loading…
Reference in a new issue