Skip to content

Commit

Permalink
Escape html in ActivitiesPanel and Notificiation
Browse files Browse the repository at this point in the history
  • Loading branch information
@AlexAndBear
AlexAndBear committed Oct 2, 2024
1 parent 4d2cd6c commit 25ae141
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 3 deletions.
5 changes: 3 additions & 2 deletions packages/web-runtime/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,10 @@
"deepmerge": "4.3.1",
"design-system": "workspace:@ownclouders/design-system@*",
"email-validator": "2.0.4",
"escape-html": "^1.0.3",
"filesize": "^10.1.0",
"focus-trap-vue": "^4.0.1",
"focus-trap": "7.6.0",
"focus-trap-vue": "^4.0.1",
"fuse.js": "7.0.0",
"lodash-es": "4.17.21",
"luxon": "3.5.0",
Expand All @@ -38,9 +39,9 @@
"semver": "7.6.3",
"utf8": "^3.0.0",
"uuid": "10.0.0",
"vue": "3.5.10",
"vue-concurrency": "5.0.1",
"vue-router": "4.2.5",
"vue": "3.5.10",
"vue3-gettext": "2.4.0",
"webdav": "5.7.1",
"xml-js": "^1.6.11",
Expand Down
3 changes: 2 additions & 1 deletion packages/web-runtime/src/components/Topbar/Notifications.vue
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,7 @@ import { useTask } from 'vue-concurrency'
import { MESSAGE_TYPE } from '@ownclouders/web-client/sse'
import { call } from '@ownclouders/web-client'
import { AxiosHeaders } from 'axios'
import escape from 'escape-html'
const POLLING_INTERVAL = 30000
Expand Down Expand Up @@ -138,7 +139,7 @@ export default {
}
interpolatedMessage = interpolatedMessage.replace(
`{${param.name}}`,
`<strong>${label}</strong>`
`<strong>${escape(label)}</strong>`
)
}
}
Expand Down

0 comments on commit 25ae141

Please sign in to comment.