[Notebook] Sanitize entries before save for extra protection (#6255)

* Sanitizing before save as well to be doubly safe

---------

Co-authored-by: Andrew Henry <akhenry@gmail.com>
Jamie V 2023-02-02 18:16:45 -08:00 committed by GitHub
parent 422b7f3e09
commit 0f312a88bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -77,13 +77,13 @@
aria-label="Notebook Entry Input"
tabindex="0"
:contenteditable="canEdit"
v-bind.prop="formattedText"
@mouseover="checkEditability($event)"
@mouseleave="canEdit = true"
@focus="editingEntry()"
@blur="updateEntryValue($event)"
@keydown.enter.exact.prevent
@keyup.enter.exact.prevent="forceBlur($event)"
v-html="formattedText"
>
</div>
</template>
@ -250,7 +250,7 @@ export default {
let text = sanitizeHtml(this.entry.text, SANITIZATION_SCHEMA);
if (this.editMode || !this.urlWhitelist) {
return text;
return { innerText: text };
}
text = text.replace(URL_REGEX, (match) => {
@ -268,7 +268,7 @@ export default {
return result;
});
return text;
return { innerHTML: text };
},
isSelectedEntry() {
return this.selectedEntryId === this.entry.id;
@ -456,7 +456,7 @@ export default {
this.editMode = false;
const value = $event.target.innerText;
if (value !== this.entry.text && value.match(/\S/)) {
this.entry.text = value;
this.entry.text = sanitizeHtml(value, SANITIZATION_SCHEMA);
this.timestampAndUpdate();
} else {
this.$emit('cancelEdit');
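Review bot: In the last hunk, `value !== this.entry.text` still compares the raw `innerText` with the stored text, which after this change is the sanitized form; whenever `sanitizeHtml` alters the input (presumably entity-escaping of `&` or `<`, depending on `SANITIZATION_SCHEMA`, which is not visible here) the two never match and every blur calls `timestampAndUpdate()` even when nothing was edited. Sanitizing before the comparison avoids that: `const value = sanitizeHtml($event.target.innerText, SANITIZATION_SCHEMA);` followed by `this.entry.text = value;`. The edit-mode branch of `formattedText` now assigns the sanitized string to `innerText`, so any escaping would also be displayed literally and escaped again on the next save; this is worth confirming with an entry that contains `&`. The enclosing method starts and ends outside the hunk.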