hamlab/mobilizon-frontend
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(front): fix XSS because of bad operations when setting the group's summary

Browse Source 
Group summary (HTML) is properly sanitized by the backend, but for groups we did a special operation
before setting the HTML in the Vue app. This is now removed

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel
2023-12-06 08:47:28 +01:00
parent 935799f123
commit ded59bec27
3 changed files with 3 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/utils/html.ts
View File

@@ -2,15 +2,6 @@ export function nl2br(text: string): string {
return text.replace(/(?:\r\n|\r|\n)/g, "<br>");
}
export function htmlToText(html: string) {
const template = document.createElement("template");
const trimmedHTML = html.trim();
template.innerHTML = trimmedHTML;
const text = template.content.textContent;
template.remove();
return text;
}
export const getValueFromMeta = (name: string): string | null => {
const element = document.querySelector(`meta[name="${name}"]`);
if (element && element.getAttribute("content")) {