Merge pull request #885 from oslokommune/fix-xss

Don't render HTML in tooltips
oslokommune · Oct 9, 2023 · dab07b6 · dab07b6
2 parents 724bc3b + 3ffac74
commit dab07b6
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -41,6 +41,10 @@ All notable changes to this project will be documented in this file. The format
 - The admin panel tab has been completely removed from the item tab bar (all
   functionality moved to drawers).
 
+### Security
+
+- Fixed an XSS issue with the rendering of tooltips.
+
 ## [3.9.0] 2023-09-01
 
 ### Added

diff --git a/src/main.js b/src/main.js
@@ -31,7 +31,9 @@ Vue.use(Toasted, {
   className: 'toast',
   duration: 3500,
 });
-Vue.use(VTooltip);
+Vue.use(VTooltip, {
+  defaultHtml: false,
+});
 Vue.use(VueMeta);
 Vue.use(firestorePlugin);
 Vue.use(VueFlatPickr);