git724/forgejo
1
0
Fork 0
Code Issues Pull requests 3 Projects 1 Releases Packages Wiki Activity

Merge pull request 'replace v-html with v-text in branch search inputbox for XSS protection' (#5244) from earl-warren/forgejo:wip-xss into forgejo

Browse source 
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5244
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
This commit is contained in:
Earl Warren 2024-09-06 10:37:06 +00:00
commit 6114356dff
1 changed files with 2 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
web_src/js/components/RepoBranchTagSelector.vue
View file

@ -289,13 +289,11 @@ export default sfc; // activate IDE's Vue plugin
<a href="#" @click="createNewBranch()">
<div v-show="shouldCreateTag">
<i class="reference tags icon"/>
<!-- eslint-disable-next-line vue/no-v-html -->
<span v-html="textCreateTag.replace('%s', searchTerm)"/>
<span v-text="textCreateTag.replace('%s', searchTerm)"/>
</div>
<div v-show="!shouldCreateTag">
<svg-icon name="octicon-git-branch"/>
<!-- eslint-disable-next-line vue/no-v-html -->
<span v-html="textCreateBranch.replace('%s', searchTerm)"/>
<span v-text="textCreateBranch.replace('%s', searchTerm)"/>
</div>
<div class="text small">
<span v-if="isViewBranch || release">{{ textCreateBranchFrom.replace('%s', branchName) }}</span>