bugfix [v3] add satinize for xss
rahmatalmubarak committed Aug 1, 2023
1 parent 5ccb535 commit ce934e0
Showing 3 changed files with 13 additions and 4 deletions.
1 change: 1 addition & 0 deletions src/Commands/BadasoSetup.php
Expand Up @@ -99,6 +99,7 @@ protected function updatePackageJson()
$decoded_json['dependencies']['sass'] = '^1.32.11';
$decoded_json['dependencies']['sass-loader'] = '^11.0.1';
$decoded_json['dependencies']['resolve-url-loader'] = '^4.0.0';
$decoded_json['dependencies']['dompurify'] = '^3.0.5';

$decoded_json['dependencies']['@johmun/vue-tags-input'] = '^2.1.0';
$decoded_json['dependencies']['@tinymce/tinymce-vue'] = '^3';
8 changes: 6 additions & 2 deletions src/resources/badaso/components/BadasoSelect.vue
Expand Up @@ -10,8 +10,8 @@
>
<vs-select-item
:key="index"
:value="item.value ? item.value : item"
:text="item.label ? item.label : item"
:value="satinize(item.value) ? satinize(item.value) : satinize(item)"
:text="satinize(item.label) ? satinize(item.label) : satinize(item)"
v-for="(item, index) in items"
/>
</vs-select>
Expand All @@ -34,6 +34,7 @@
</template>

<script>
import * as DOMPurify from 'dompurify';
export default {
name: "BadasoSelect",
components: {},
Expand Down Expand Up @@ -70,6 +71,9 @@ export default {
},
},
methods: {
satinize(item) {
return DOMPurify.sanitize(item)
},
handleInput(val) {
this.$emit("input", val);
},
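Review bot: Passing `item.value` through `DOMPurify.sanitize()` in the `:value` binding changes the option's data, not just its display: sanitize() always returns a string and serialises the result as HTML, so a numeric value becomes a string and a value containing `&` comes back as `&amp;`, and the emitted value may no longer match what the caller stored. Sanitisation belongs at the point where the text is rendered as markup, so I would leave the value untouched and clean only the label, `:value="item.value ? item.value : item"` and `:text="satinize(item.label ? item.label : item)"`. Whether `vs-select-item` renders `text` as HTML is not visible in this section, so confirm that is the actual sink. The same applies to `:value="satinize(item.value)"` in BadasoSelectMultiple.vue. The template and the component's script both continue outside the hunks shown.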
8 changes: 6 additions & 2 deletions src/resources/badaso/components/BadasoSelectMultiple.vue
Expand Up @@ -11,8 +11,8 @@
>
<vs-select-item
:key="index"
:value="item.value"
:text="item.label"
:value="satinize(item.value)"
:text="satinize(item.label)"
v-for="(item, index) in items"
/>
</vs-select>
Expand All @@ -38,6 +38,7 @@
</template>

<script>
import * as DOMPurify from 'dompurify';
export default {
name: "BadasoSelectMultiple",
components: {},
Expand Down Expand Up @@ -75,6 +76,9 @@ export default {
},
},
methods: {
satinize(item) {
return DOMPurify.sanitize(item)
},
handleInput(val) {
this.$emit("input", val);
},
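Review bot: The `satinize` method added under `methods` is a misspelling of "sanitize" and is an identical copy of the one added to BadasoSelect.vue, so the two can drift apart when one is later fixed. A single shared helper or mixin exporting `sanitize(item) { return DOMPurify.sanitize(item); }` would leave one definition to audit. The import is also written as `import * as DOMPurify from 'dompurify'`; the form the library documents is `import DOMPurify from 'dompurify';`, and the namespace form depends on how the bundler resolves the package, so it is worth confirming `DOMPurify.sanitize` is defined in the built bundle. The `methods` object continues outside the hunk.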
