File tree Expand file tree Collapse file tree 2 files changed +10
-4
lines changed
administration/configuration Expand file tree Collapse file tree 2 files changed +10
-4
lines changed Original file line number Diff line number Diff line change 4646 <div slot =" header"
4747 <h4 >{{ $t('admin.preview') }}</h4 >
4848 </div >
49- <p ><span v-html =" welcomeMessage " p >
49+ <p ><span v-html =" sanitizedWelcomeMessage " p >
5050 </b-card >
5151 </b-col >
5252 </b-row >
@@ -58,6 +58,7 @@ import axios from 'axios';
5858import { Switch as cSwitch } from ' @coreui/vue'
5959import configPropertyMixin from ' ../mixins/configPropertyMixin'
6060import common from ' ../../../shared/common'
61+ import DOMPurify from ' dompurify'
6162
6263export default {
6364 mixins: [configPropertyMixin],
@@ -83,7 +84,11 @@ export default {
8384 this .isWelcomeMessage = common .toBoolean (response .data .propertyValue );
8485 });
8586 },
86- computed: {},
87+ computed: {
88+ sanitizedWelcomeMessage () {
89+ return DOMPurify .sanitize (this .welcomeMessage );
90+ },
91+ },
8792 methods: {
8893 updateCode () {
8994 const editor = this .$refs .editor ;
Original file line number Diff line number Diff line change @@ -111,6 +111,7 @@ import EventBus from '../../shared/eventbus';
111111import { getRedirectUrl , getContextPath } from ' ../../shared/utils'
112112const qs = require (' querystring'
113113import common from ' ../../shared/common'
114+ import DOMPurify from ' dompurify'
114115
115116export default {
116117 name: ' Login'
@@ -156,8 +157,8 @@ export default {
156157 if (this .isWelcomeMessage ) {
157158 let message_url = ` ${ this .$api .BASE_URL } ${ this .$api .URL_CONFIG_PROPERTY } `
158159 axios .get (message_url).then ((response ) => {
159- this .welcomeMessage = decodeURIComponent (
160- response .data .propertyValue ,
160+ this .welcomeMessage = DOMPurify . sanitize (
161+ decodeURIComponent ( response .data .propertyValue ) ,
161162 );
162163 });
163164 }
You can’t perform that action at this time.
0 commit comments