fix: xss on tippy fixes #2103
Co-authored-by: Liyas Thomas <hi@liyasthomas.com>
This commit is contained in:
Andrew Bastin
@@ -1,9 +1,9 @@
|
|||||||
<template>
|
<template>
|
||||||
<div>
|
<div>
|
||||||
<header
|
<header
|
||||||
class="flex items-center justify-between flex-1 px-2 py-2 space-x-2"
|
class="flex space-x-2 flex-1 py-2 px-2 items-center justify-between"
|
||||||
>
|
>
|
||||||
<div class="inline-flex items-center space-x-2">
|
<div class="space-x-2 inline-flex items-center">
|
||||||
<ButtonSecondary
|
<ButtonSecondary
|
||||||
class="tracking-wide !font-bold !text-secondaryDark hover:bg-primaryDark focus-visible:bg-primaryDark"
|
class="tracking-wide !font-bold !text-secondaryDark hover:bg-primaryDark focus-visible:bg-primaryDark"
|
||||||
label="HOPPSCOTCH"
|
label="HOPPSCOTCH"
|
||||||
@@ -11,7 +11,7 @@
|
|||||||
/>
|
/>
|
||||||
<AppGitHubStarButton class="mt-1.5 transition <sm:hidden" />
|
<AppGitHubStarButton class="mt-1.5 transition <sm:hidden" />
|
||||||
</div>
|
</div>
|
||||||
<div class="inline-flex items-center space-x-2">
|
<div class="space-x-2 inline-flex items-center">
|
||||||
<ButtonSecondary
|
<ButtonSecondary
|
||||||
id="installPWA"
|
id="installPWA"
|
||||||
v-tippy="{ theme: 'tooltip' }"
|
v-tippy="{ theme: 'tooltip' }"
|
||||||
@@ -21,14 +21,14 @@
|
|||||||
@click.native="showInstallPrompt()"
|
@click.native="showInstallPrompt()"
|
||||||
/>
|
/>
|
||||||
<ButtonSecondary
|
<ButtonSecondary
|
||||||
v-tippy="{ theme: 'tooltip' }"
|
v-tippy="{ theme: 'tooltip', allowHTML: true }"
|
||||||
:title="`${t('app.search')} <kbd>/</kbd>`"
|
:title="`${t('app.search')} <kbd>/</kbd>`"
|
||||||
svg="search"
|
svg="search"
|
||||||
class="rounded hover:bg-primaryDark focus-visible:bg-primaryDark"
|
class="rounded hover:bg-primaryDark focus-visible:bg-primaryDark"
|
||||||
@click.native="invokeAction('modals.search.toggle')"
|
@click.native="invokeAction('modals.search.toggle')"
|
||||||
/>
|
/>
|
||||||
<ButtonSecondary
|
<ButtonSecondary
|
||||||
v-tippy="{ theme: 'tooltip' }"
|
v-tippy="{ theme: 'tooltip', allowHTML: true }"
|
||||||
:title="`${t('support.title')} <kbd>?</kbd>`"
|
:title="`${t('support.title')} <kbd>?</kbd>`"
|
||||||
svg="life-buoy"
|
svg="life-buoy"
|
||||||
class="rounded hover:bg-primaryDark focus-visible:bg-primaryDark"
|
class="rounded hover:bg-primaryDark focus-visible:bg-primaryDark"
|
||||||
@@ -47,7 +47,7 @@
|
|||||||
:label="t('header.login')"
|
:label="t('header.login')"
|
||||||
@click.native="showLogin = true"
|
@click.native="showLogin = true"
|
||||||
/>
|
/>
|
||||||
<div v-else class="inline-flex items-center space-x-2">
|
<div v-else class="space-x-2 inline-flex items-center">
|
||||||
<ButtonPrimary
|
<ButtonPrimary
|
||||||
v-tippy="{ theme: 'tooltip' }"
|
v-tippy="{ theme: 'tooltip' }"
|
||||||
:title="t('team.invite_tooltip')"
|
:title="t('team.invite_tooltip')"
|
||||||
@@ -87,11 +87,11 @@
|
|||||||
svg="user"
|
svg="user"
|
||||||
/>
|
/>
|
||||||
</template>
|
</template>
|
||||||
<div class="flex flex-col px-2 text-tiny">
|
<div class="flex flex-col text-tiny px-2">
|
||||||
<span class="inline-flex font-semibold truncate">
|
<span class="font-semibold inline-flex truncate">
|
||||||
{{ currentUser.displayName }}
|
{{ currentUser.displayName }}
|
||||||
</span>
|
</span>
|
||||||
<span class="inline-flex truncate text-secondaryLight">
|
<span class="text-secondaryLight inline-flex truncate">
|
||||||
{{ currentUser.email }}
|
{{ currentUser.email }}
|
||||||
</span>
|
</span>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
@@ -8,14 +8,14 @@
|
|||||||
:indicator="gqlQueryString && gqlQueryString.length > 0 ? true : false"
|
:indicator="gqlQueryString && gqlQueryString.length > 0 ? true : false"
|
||||||
>
|
>
|
||||||
<div
|
<div
|
||||||
class="sticky z-10 flex items-center justify-between flex-1 pl-4 border-b bg-primary border-dividerLight top-upperSecondaryStickyFold gqlRunQuery"
|
class="bg-primary border-b border-dividerLight flex flex-1 top-upperSecondaryStickyFold pl-4 z-10 sticky items-center justify-between gqlRunQuery"
|
||||||
>
|
>
|
||||||
<label class="font-semibold text-secondaryLight">
|
<label class="font-semibold text-secondaryLight">
|
||||||
{{ t("request.query") }}
|
{{ t("request.query") }}
|
||||||
</label>
|
</label>
|
||||||
<div class="flex">
|
<div class="flex">
|
||||||
<ButtonSecondary
|
<ButtonSecondary
|
||||||
v-tippy="{ theme: 'tooltip', delay: [500, 20] }"
|
v-tippy="{ theme: 'tooltip', delay: [500, 20], allowHTML: true }"
|
||||||
:title="`${t(
|
:title="`${t(
|
||||||
'request.run'
|
'request.run'
|
||||||
)} <kbd>${getSpecialKey()}</kbd><kbd>G</kbd>`"
|
)} <kbd>${getSpecialKey()}</kbd><kbd>G</kbd>`"
|
||||||
@@ -26,7 +26,7 @@
|
|||||||
/>
|
/>
|
||||||
<ButtonSecondary
|
<ButtonSecondary
|
||||||
ref="saveRequest"
|
ref="saveRequest"
|
||||||
v-tippy="{ theme: 'tooltip', delay: [500, 20] }"
|
v-tippy="{ theme: 'tooltip', delay: [500, 20], allowHTML: true }"
|
||||||
:title="`${t(
|
:title="`${t(
|
||||||
'request.save'
|
'request.save'
|
||||||
)} <kbd>${getSpecialKey()}</kbd><kbd>S</kbd>`"
|
)} <kbd>${getSpecialKey()}</kbd><kbd>S</kbd>`"
|
||||||
@@ -71,7 +71,7 @@
|
|||||||
:indicator="variableString && variableString.length > 0 ? true : false"
|
:indicator="variableString && variableString.length > 0 ? true : false"
|
||||||
>
|
>
|
||||||
<div
|
<div
|
||||||
class="sticky z-10 flex items-center justify-between flex-1 pl-4 border-b bg-primary border-dividerLight top-upperSecondaryStickyFold"
|
class="bg-primary border-b border-dividerLight flex flex-1 top-upperSecondaryStickyFold pl-4 z-10 sticky items-center justify-between"
|
||||||
>
|
>
|
||||||
<label class="font-semibold text-secondaryLight">
|
<label class="font-semibold text-secondaryLight">
|
||||||
{{ t("request.variables") }}
|
{{ t("request.variables") }}
|
||||||
@@ -114,7 +114,7 @@
|
|||||||
:info="activeGQLHeadersCount === 0 ? null : `${activeGQLHeadersCount}`"
|
:info="activeGQLHeadersCount === 0 ? null : `${activeGQLHeadersCount}`"
|
||||||
>
|
>
|
||||||
<div
|
<div
|
||||||
class="sticky z-10 flex items-center justify-between flex-1 pl-4 border-b bg-primary border-dividerLight top-upperSecondaryStickyFold"
|
class="bg-primary border-b border-dividerLight flex flex-1 top-upperSecondaryStickyFold pl-4 z-10 sticky items-center justify-between"
|
||||||
>
|
>
|
||||||
<label class="font-semibold text-secondaryLight">
|
<label class="font-semibold text-secondaryLight">
|
||||||
{{ t("tab.headers") }}
|
{{ t("tab.headers") }}
|
||||||
@@ -154,7 +154,7 @@
|
|||||||
<div
|
<div
|
||||||
v-for="(header, index) in workingHeaders"
|
v-for="(header, index) in workingHeaders"
|
||||||
:key="`header-${String(index)}`"
|
:key="`header-${String(index)}`"
|
||||||
class="flex border-b divide-x divide-dividerLight border-dividerLight"
|
class="divide-x divide-dividerLight border-b border-dividerLight flex"
|
||||||
>
|
>
|
||||||
<SmartAutoComplete
|
<SmartAutoComplete
|
||||||
:placeholder="`${t('count.header', { count: index + 1 })}`"
|
:placeholder="`${t('count.header', { count: index + 1 })}`"
|
||||||
@@ -180,7 +180,7 @@
|
|||||||
"
|
"
|
||||||
/>
|
/>
|
||||||
<input
|
<input
|
||||||
class="flex flex-1 px-4 py-2 bg-transparent"
|
class="bg-transparent flex flex-1 py-2 px-4"
|
||||||
:placeholder="`${t('count.value', { count: index + 1 })}`"
|
:placeholder="`${t('count.value', { count: index + 1 })}`"
|
||||||
:name="`value ${String(index)}`"
|
:name="`value ${String(index)}`"
|
||||||
:value="header.value"
|
:value="header.value"
|
||||||
@@ -232,15 +232,15 @@
|
|||||||
</div>
|
</div>
|
||||||
<div
|
<div
|
||||||
v-if="workingHeaders.length === 0"
|
v-if="workingHeaders.length === 0"
|
||||||
class="flex flex-col items-center justify-center p-4 text-secondaryLight"
|
class="flex flex-col text-secondaryLight p-4 items-center justify-center"
|
||||||
>
|
>
|
||||||
<img
|
<img
|
||||||
:src="`/images/states/${$colorMode.value}/add_category.svg`"
|
:src="`/images/states/${$colorMode.value}/add_category.svg`"
|
||||||
loading="lazy"
|
loading="lazy"
|
||||||
class="inline-flex flex-col object-contain object-center w-16 h-16 my-4"
|
class="flex-col object-contain object-center h-16 my-4 w-16 inline-flex"
|
||||||
:alt="`${t('empty.headers')}`"
|
:alt="`${t('empty.headers')}`"
|
||||||
/>
|
/>
|
||||||
<span class="pb-4 text-center">
|
<span class="text-center pb-4">
|
||||||
{{ t("empty.headers") }}
|
{{ t("empty.headers") }}
|
||||||
</span>
|
</span>
|
||||||
<ButtonSecondary
|
<ButtonSecondary
|
||||||
|
|||||||
@@ -251,6 +251,7 @@ export default defineComponent({
|
|||||||
tippy(t, {
|
tippy(t, {
|
||||||
content: t.dataset["tippy-content"],
|
content: t.dataset["tippy-content"],
|
||||||
theme: "tooltip",
|
theme: "tooltip",
|
||||||
|
allowHTML: true,
|
||||||
popperOptions: {
|
popperOptions: {
|
||||||
modifiers: {
|
modifiers: {
|
||||||
preventOverflow: {
|
preventOverflow: {
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ Vue.use(VueTippy, {
|
|||||||
a11y: false,
|
a11y: false,
|
||||||
animateFill: false,
|
animateFill: false,
|
||||||
arrowType: "round",
|
arrowType: "round",
|
||||||
|
allowHTML: false,
|
||||||
popperOptions: {
|
popperOptions: {
|
||||||
modifiers: {
|
modifiers: {
|
||||||
preventOverflow: {
|
preventOverflow: {
|
||||||
|
|||||||
Reference in New Issue
Block a user