fix: always consider report content as text

Report content was used as HTML in front-end and e-mails but wasn't sanitized as such. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2023-12-06 11:05:56 +01:00
parent ded59bec27
commit ffff379d47
5 changed files with 49 additions and 8 deletions
--- a/src/components/Report/ReportCard.vue
+++ b/src/components/Report/ReportCard.vue
@@ -63,7 +63,9 @@
          {{ t("Reported by an unknown actor") }}
        </span>
      </div>
-      <div class="" v-if="report.content" v-html="report.content" />
+      <div class="line-clamp-1" v-if="report.content">
+        {{ report.content }}
+      </div>
    </div>
  </div>
 </template>
--- a/src/views/Moderation/ReportView.vue
+++ b/src/views/Moderation/ReportView.vue
@@ -216,11 +216,9 @@
          </div>
          <p v-else>{{ t("Unknown actor") }}</p>
        </div>
-        <div
-          class="prose dark:prose-invert"
-          v-if="report.content"
-          v-html="nl2br(report.content)"
-        />
+        <div class="prose dark:prose-invert" v-if="report.content">
+          {{ report.content }}
+        </div>
        <p v-else>{{ t("No comment") }}</p>
      </div>
    </section>
@@ -407,7 +405,6 @@ import {
 } from "@/types/actor";
 import { DELETE_EVENT } from "@/graphql/event";
 import uniq from "lodash/uniq";
-import { nl2br } from "@/utils/html";
 import { DELETE_COMMENT } from "@/graphql/comment";
 import { IComment } from "@/types/comment.model";
 import { ActorType, AntiSpamFeedback, ReportStatusEnum } from "@/types/enums";