Compare commits

...

4 commits

Author SHA1 Message Date
Marie
2d125137a5 merge: fix: Update l-sushi.json5 to ensure the hashtag colour matches the main accent colour (!406)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/406

Approved-by: Marie <marie@kaifa.ch>
Approved-by: dakkar <dakkar@thenautilus.net>
2024-02-09 17:45:22 +00:00
Marie
0487d5ea4c merge: sanitise some admin-controlled HTML #406 (!413)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/413

Approved-by: Julia Johannesen <julia@insertdomain.name>
Approved-by: Marie <marie@kaifa.ch>
2024-02-09 17:14:58 +00:00
dakkar
b029738ec0 sanitise some admin-controlled HTML #406
this protects from rogue admins injecting bad HTML in
rules/descriptions
2024-02-09 12:19:19 +00:00
Susan S
a26ac74bf0 Update l-sushi.json5 to ensure the hashtag colour matches the main accent colour 2024-02-05 14:39:01 +00:00
4 changed files with 8 additions and 5 deletions

View file

@ -24,7 +24,7 @@ SPDX-License-Identifier: AGPL-3.0-only
<template #suffix><i v-if="agreeServerRules" class="ph-check ph-bold ph-lg" style="color: var(--success)"></i></template> <template #suffix><i v-if="agreeServerRules" class="ph-check ph-bold ph-lg" style="color: var(--success)"></i></template>
<ol class="_gaps_s" :class="$style.rules"> <ol class="_gaps_s" :class="$style.rules">
<li v-for="item in instance.serverRules" :class="$style.rule"><div :class="$style.ruleText" v-html="item"></div></li> <li v-for="item in instance.serverRules" :class="$style.rule"><div :class="$style.ruleText" v-html="sanitizeHtml(item)"></div></li>
</ol> </ol>
<MkSwitch :modelValue="agreeServerRules" style="margin-top: 16px;" @update:modelValue="updateAgreeServerRules">{{ i18n.ts.agree }}</MkSwitch> <MkSwitch :modelValue="agreeServerRules" style="margin-top: 16px;" @update:modelValue="updateAgreeServerRules">{{ i18n.ts.agree }}</MkSwitch>
@ -65,6 +65,7 @@ SPDX-License-Identifier: AGPL-3.0-only
import { computed, ref } from 'vue'; import { computed, ref } from 'vue';
import { instance } from '@/instance.js'; import { instance } from '@/instance.js';
import { i18n } from '@/i18n.js'; import { i18n } from '@/i18n.js';
import sanitizeHtml from 'sanitize-html';
import MkButton from '@/components/MkButton.vue'; import MkButton from '@/components/MkButton.vue';
import MkFolder from '@/components/MkFolder.vue'; import MkFolder from '@/components/MkFolder.vue';
import MkSwitch from '@/components/MkSwitch.vue'; import MkSwitch from '@/components/MkSwitch.vue';

View file

@ -16,7 +16,7 @@ SPDX-License-Identifier: AGPL-3.0-only
</h1> </h1>
<div :class="$style.mainAbout"> <div :class="$style.mainAbout">
<!-- eslint-disable-next-line vue/no-v-html --> <!-- eslint-disable-next-line vue/no-v-html -->
<div v-html="meta.description || i18n.ts.headlineMisskey"></div> <div v-html="sanitizeHtml(meta.description) || i18n.ts.headlineMisskey"></div>
</div> </div>
<div v-if="instance.disableRegistration" :class="$style.mainWarn"> <div v-if="instance.disableRegistration" :class="$style.mainWarn">
<MkInfo warn>{{ i18n.ts.invitationRequiredToRegister }}</MkInfo> <MkInfo warn>{{ i18n.ts.invitationRequiredToRegister }}</MkInfo>
@ -56,6 +56,7 @@ SPDX-License-Identifier: AGPL-3.0-only
<script lang="ts" setup> <script lang="ts" setup>
import { ref } from 'vue'; import { ref } from 'vue';
import * as Misskey from 'misskey-js'; import * as Misskey from 'misskey-js';
import sanitizeHtml from 'sanitize-html';
import XSigninDialog from '@/components/MkSigninDialog.vue'; import XSigninDialog from '@/components/MkSigninDialog.vue';
import XSignupDialog from '@/components/MkSignupDialog.vue'; import XSignupDialog from '@/components/MkSignupDialog.vue';
import MkButton from '@/components/MkButton.vue'; import MkButton from '@/components/MkButton.vue';

View file

@ -20,7 +20,7 @@ SPDX-License-Identifier: AGPL-3.0-only
<MkKeyValue> <MkKeyValue>
<template #key>{{ i18n.ts.description }}</template> <template #key>{{ i18n.ts.description }}</template>
<template #value><div v-html="instance.description"></div></template> <template #value><div v-html="sanitizeHtml(instance.description)"></div></template>
</MkKeyValue> </MkKeyValue>
<FormSection> <FormSection>
@ -53,7 +53,7 @@ SPDX-License-Identifier: AGPL-3.0-only
<template #label>{{ i18n.ts.serverRules }}</template> <template #label>{{ i18n.ts.serverRules }}</template>
<ol class="_gaps_s" :class="$style.rules"> <ol class="_gaps_s" :class="$style.rules">
<li v-for="item, index in instance.serverRules" :key="index" :class="$style.rule"><div :class="$style.ruleText" v-html="item"></div></li> <li v-for="item, index in instance.serverRules" :key="index" :class="$style.rule"><div :class="$style.ruleText" v-html="sanitizeHtml(item)"></div></li>
</ol> </ol>
</MkFolder> </MkFolder>
<FormLink v-if="instance.tosUrl" :to="instance.tosUrl" external>{{ i18n.ts.termsOfService }}</FormLink> <FormLink v-if="instance.tosUrl" :to="instance.tosUrl" external>{{ i18n.ts.termsOfService }}</FormLink>
@ -105,6 +105,7 @@ SPDX-License-Identifier: AGPL-3.0-only
</template> </template>
<script lang="ts" setup> <script lang="ts" setup>
import sanitizeHtml from 'sanitize-html';
import { computed, watch, ref } from 'vue'; import { computed, watch, ref } from 'vue';
import * as Misskey from 'misskey-js'; import * as Misskey from 'misskey-js';
import XEmojis from './about.emojis.vue'; import XEmojis from './about.emojis.vue';

View file

@ -14,6 +14,6 @@
renote: '@accent', renote: '@accent',
link: '@accent', link: '@accent',
mention: '@accent', mention: '@accent',
hashtag: '#229e82', hashtag: '@accent',
}, },
} }