Sanitizes a few snackbar messages for safety.

2023-11-17 17:11:45 -03:00 · 2023-11-17 17:11:45 -03:00 · 14898b962f
parent c9c0e0db2a
commit 14898b962f
3 changed files with 5 additions and 5 deletions
--- a/src/views/admin/components/lists/terms-list-hierarchical.vue
+++ b/src/views/admin/components/lists/terms-list-hierarchical.vue
@ -751,7 +751,7 @@ export default {
                            let errorMessage = errors.length > 1 ? this.$i18n.getWithVariables('info_terms_creation_failed_due_to_values_%s', [ wrongValues ]) : this.$i18n.getWithVariables('info_terms_creation_failed_due_to_value_%s', [ wrongValues ]); 
                            errorMessage += ' ' + errors[0]['errors'][0]['name'];
                            this.$buefy.snackbar.open({
-                                message: errorMessage,
+                                message: errorMessage.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;'),
                                type: 'is-danger',
                                position: 'is-bottom-right',
                                pauseOnHover: true,
--- a/src/views/admin/js/admin-utilities.js
+++ b/src/views/admin/js/admin-utilities.js
@ -15,7 +15,7 @@ ConsolePlugin.install = function (Vue, options = { visual: false }) {
        log(something) {
            if (options.visual) {
                Vue.prototype.$buefy.snackbar.open({
-                    message: something,
+                    message: something.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;'),
                    type: 'is-secondary',
                    position: 'is-bottom-right',
                    indefinite: true,
@ -28,7 +28,7 @@ ConsolePlugin.install = function (Vue, options = { visual: false }) {
        info(someInfo) {
            if (options.visual) {
                Vue.prototype.$buefy.snackbar.open({
-                    message: someInfo,
+                    message: someInfo.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;'),
                    type: 'is-primary',
                    position: 'is-bottom-right',
                    duration: 5000,
@ -41,7 +41,7 @@ ConsolePlugin.install = function (Vue, options = { visual: false }) {
        error(someError) {
            if (options.visual) {
                Vue.prototype.$buefy.snackbar.open({
-                    message: someError,
+                    message: someError.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;'),
                    type: 'is-danger',
                    position: 'is-bottom-right',
                    indefinite: true,
--- a/src/views/admin/js/axios.js
+++ b/src/views/admin/js/axios.js
@ -37,7 +37,7 @@ export const tainacanErrorHandler = function(error) {
                    break;
            }
            Snackbar.open({
-                message: errorMessage,
+                message: errorMessage.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;'),
                type: 'is-danger',
                duration: duration,
                actionText: errorMessageDetail != '' ? i18nGet('label_know_more') : null,