Don't render HTML in tooltips
This fixes an XSS issue because the v-tooltip library is rendering
HTML by default.
simenheg committed Oct 9, 2023
1 parent 724bc3b commit 3ffac74
Showing 2 changed files with 7 additions and 1 deletion.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -41,6 +41,10 @@ All notable changes to this project will be documented in this file. The format
- The admin panel tab has been completely removed from the item tab bar (all
functionality moved to drawers).

### Security

- Fixed an XSS issue with the rendering of tooltips.

## [3.9.0] 2023-09-01

### Added
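
Review bot: The new entry under "### Security" says only that an XSS issue was fixed and does not mention that tooltip content is no longer rendered as HTML, which is a visible behaviour change. Consider extending it, for example "Fixed an XSS issue with the rendering of tooltips; tooltip content is now displayed as plain text.", so that anyone relying on markup in tooltips learns of the change from the changelog.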
4 changes: 3 additions & 1 deletion src/main.js
Expand Up @@ -31,7 +31,9 @@ Vue.use(Toasted, {
className: 'toast',
duration: 3500,
});
Vue.use(VTooltip);
Vue.use(VTooltip, {
defaultHtml: false,
});
Vue.use(VueMeta);
Vue.use(firestorePlugin);
Vue.use(VueFlatPickr);
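
Review bot: `defaultHtml: false` in the new `Vue.use(VTooltip, { ... })` call changes only the plugin-wide default, as the option name indicates, so any tooltip that opts back into HTML at its own call site would still render markup. Only `src/main.js` and `CHANGELOG.md` are touched here, so it is worth checking the existing `v-tooltip` usages for such overrides before treating the issue as closed. A one-line comment above the options object stating that the setting is there to prevent XSS would also keep it from being removed later as an apparently unnecessary option.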