Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: footer support html #567

Merged
merged 1 commit into from
Jan 21, 2025
Merged

feat: footer support html #567

merged 1 commit into from
Jan 21, 2025

Conversation

dreamhunter2333
Copy link
Owner

@dreamhunter2333 dreamhunter2333 commented Jan 20, 2025
edited by github-actions bot
Loading

PR Type

enhancement

Description

  • Add HTML support to footer copyright text

  • Refactor footer template for better alignment

Changes walkthrough 📝

Relevant files
Enhancement
Footer.vue
Add HTML support and refactor footer alignment                     

frontend/src/views/Footer.vue

  • Add HTML support for openSettings.copyright
  • Refactor footer text into n-space for better alignment
    		• +8/-3     

    💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

    @github-actions GitHub Actions
    Copy link

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
    🔒 Security concerns

    XSS Vulnerability:
    The use of v-html to render dynamic content (openSettings.copyright) can expose the application to XSS attacks if the content is not properly sanitized.

    ⚡ Recommended focus areas for review

    Possible XSS Vulnerability

    The use of v-html to render openSettings.copyright introduces a potential XSS vulnerability. Ensure that the content is properly sanitized before rendering.

    <div v-html="openSettings.copyright"></div>

    @github-actions GitHub Actions
    Copy link

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    CategorySuggestion                                                                                                                                    Score
    Security
    Sanitize HTML content to prevent XSS

    Ensure that the content rendered using v-html is sanitized to prevent potential
    Cross-Site Scripting (XSS) attacks.

    frontend/src/views/Footer.vue [29]

    -<div v-html="openSettings.copyright"></div>
+<div v-html="sanitizeHtml(openSettings.copyright)"></div>
    Suggestion importance[1-10]: 9

    Why: The suggestion addresses a critical security concern by ensuring that the HTML content rendered using v-html is sanitized, which helps prevent potential Cross-Site Scripting (XSS) attacks.

    		9

    @dreamhunter2333 dreamhunter2333 merged commit 37614ce into main Jan 21, 2025
    1 check passed
    @dreamhunter2333 dreamhunter2333 deleted the feature/dev branch January 21, 2025 02:24
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Reviewers
    No reviews
    Assignees
    No one assigned
    Labels
    Review effort [1-5]: 2
    Projects
    None yet
    Milestone
    No milestone
    Development

    Successfully merging this pull request may close these issues.
    1 participant
    @dreamhunter2333