From 52769a47ed378d914ce2d6a555536a7d6adc26b1 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen <opensource@fthiessen.de>
Date: Mon, 18 Nov 2024 14:31:05 +0100
Subject: [PATCH] fix(core): Do not use `v-html` for translation output

The content that can be renderered does *not* include HTML (see
`recommended` object).
But `v-html` was used, this is potentially dangerous, even though we
sanitize the translation values, so no urgent harm but better safe than
sorry.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
---
 core/src/components/setup/RecommendedApps.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/components/setup/RecommendedApps.vue b/core/src/components/setup/RecommendedApps.vue
index 9bab568a924..d6600ee35d5 100644
--- a/core/src/components/setup/RecommendedApps.vue
+++ b/core/src/components/setup/RecommendedApps.vue
@@ -18,7 +18,7 @@
 				<img :src="customIcon(app.id)" alt="">
 				<div class="info">
 					<h3>{{ customName(app) }}</h3>
-					<p v-html="customDescription(app.id)" />
+					<p v-text="customDescription(app.id)" />
 					<p v-if="app.installationError">
 						<strong>{{ t('core', 'App download or installation failed') }}</strong>
 					</p>
-- 
2.39.5