diff options
| author | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-11-18 14:31:05 +0100 |
|---|---|---|
| committer | nextcloud-command <nextcloud-command@users.noreply.github.com> | 2024-11-19 09:35:23 +0000 |
| commit | 52769a47ed378d914ce2d6a555536a7d6adc26b1 (patch) | |
| tree | fd6393d7287c0df30135c1d2ab16a5eb4001be84 /core | |
| parent | fb75e2de78c1b7c24b19f51464d60d59c681f66e (diff) | |
| download | nextcloud-server-52769a47ed378d914ce2d6a555536a7d6adc26b1.tar.gz nextcloud-server-52769a47ed378d914ce2d6a555536a7d6adc26b1.zip | |
fix(core): Do not use `v-html` for translation output
The content that can be renderered does *not* include HTML (see
`recommended` object).
But `v-html` was used, this is potentially dangerous, even though we
sanitize the translation values, so no urgent harm but better safe than
sorry.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Diffstat (limited to 'core')
| -rw-r--r-- | core/src/components/setup/RecommendedApps.vue | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/src/components/setup/RecommendedApps.vue b/core/src/components/setup/RecommendedApps.vue index 9bab568a924..d6600ee35d5 100644 --- a/core/src/components/setup/RecommendedApps.vue +++ b/core/src/components/setup/RecommendedApps.vue @@ -18,7 +18,7 @@ <img :src="customIcon(app.id)" alt=""> <div class="info"> <h3>{{ customName(app) }}</h3> - <p v-html="customDescription(app.id)" /> + <p v-text="customDescription(app.id)" /> <p v-if="app.installationError"> <strong>{{ t('core', 'App download or installation failed') }}</strong> </p> |