LeadMagnet/leadchat
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

fix: Avoid XSS in custom attributes (#7800)

Browse Source
This commit is contained in:
Sivin Varghese
2023-09-05 09:49:54 +05:30
committed by GitHub
parent e5f7807833
commit f31fc2b375
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/javascript/dashboard/components/CustomAttribute.vue
View File

@@ -61,7 +61,7 @@
> >
<a <a
v-if="isAttributeTypeLink" v-if="isAttributeTypeLink"
:href="value" :href="hrefURL"
target="_blank" target="_blank"
rel="noopener noreferrer" rel="noopener noreferrer"
class="value inline-block rounded-sm mb-0 break-all py-0.5 px-1" class="value inline-block rounded-sm mb-0 break-all py-0.5 px-1"
@@ -188,6 +188,9 @@ export default {
urlValue() { urlValue() {
return isValidURL(this.value) ? this.value : '---'; return isValidURL(this.value) ? this.value : '---';
}, },
hrefURL() {
return isValidURL(this.value) ? this.value : '';
},
notAttributeTypeCheckboxAndList() { notAttributeTypeCheckboxAndList() {
return !this.isAttributeTypeCheckbox && !this.isAttributeTypeList; return !this.isAttributeTypeCheckbox && !this.isAttributeTypeList;
}, },