diff options
| author | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-11-18 14:31:05 +0100 |
|---|---|---|
| committer | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-11-18 14:31:05 +0100 |
| commit | 302bc11513e6f5237d6c90d1a6beaa806303b319 (patch) | |
| tree | 3805f3f766d6a3494a19f29b7ccad0def2e9c7cf | |
| parent | c74ba567ec5d890cc9d0f857e5a8ba9141a9c71e (diff) | |
| download | nextcloud-server-fix/drop-v-html.tar.gz nextcloud-server-fix/drop-v-html.zip | |
fix(core): Do not use `v-html` for translation outputfix/drop-v-html
The content that can be renderered does *not* include HTML (see
`recommended` object).
But `v-html` was used, this is potentially dangerous, even though we
sanitize the translation values, so no urgent harm but better safe than
sorry.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
| -rw-r--r-- | core/src/components/setup/RecommendedApps.vue | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/src/components/setup/RecommendedApps.vue b/core/src/components/setup/RecommendedApps.vue index 9bab568a924..d6600ee35d5 100644 --- a/core/src/components/setup/RecommendedApps.vue +++ b/core/src/components/setup/RecommendedApps.vue @@ -18,7 +18,7 @@ <img :src="customIcon(app.id)" alt=""> <div class="info"> <h3>{{ customName(app) }}</h3> - <p v-html="customDescription(app.id)" /> + <p v-text="customDescription(app.id)" /> <p v-if="app.installationError"> <strong>{{ t('core', 'App download or installation failed') }}</strong> </p> |