JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

web: remove sanitizing dependency and restrict v-html

Browse Source 
We decided to remove sanitizing dependency and restrict v-html with 2 exceptions for web/satellite (we control the content in those cases)

Issue:
https://github.com/storj/storj-private/issues/148

Change-Id: Ic6b2e894d20e7f0553f759ede51845a10831e890
This commit is contained in:
Vitalii 2023-03-06 18:19:58 +02:00 committed by Storj Robot
parent d843666606
commit f834622a01
7 changed files with 7 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/multinode/.eslintrc.js
View File

@ -93,7 +93,7 @@ module.exports = {
'storj/vue/require-annotation': 'warn',
'vue/no-v-html': 0,
'vue/no-v-html': ['error'],
},
settings: {
'import/resolver': {

2
web/satellite/.eslintrc.js
View File

@ -89,7 +89,7 @@ module.exports = {
'storj/vue/require-annotation': 'warn',
'vue/no-v-html': 0,
'vue/no-v-html': ['error'],
},
settings: {
'import/resolver': {

125
web/satellite/package-lock.json
View File

@ -74,7 +74,6 @@
"ts-jest": "27.1.4",
"typescript": "4.6.4",
"vue-eslint-parser": "9.0.3",
"vue-sanitize": "0.2.2",
"vue-svg-loader": "0.17.0-beta.2",
"vue-template-compiler": "2.7.10",
"webpack-bundle-analyzer": "4.5.0"
@ -14051,12 +14050,6 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/parse-srcset": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/parse-srcset/-/parse-srcset-1.0.2.tgz",
"integrity": "sha512-/2qh0lav6CmI15FzA3i/2Bzk2zCgQhGMkvhOhKNcBVQ1ldgpbfiNTVslmooUmWJcADi1f1kIeynbDRVzNlfR6Q==",
"dev": true
},
"node_modules/parse5": {
"version": "5.1.1",
"resolved": "https://registry.npmjs.org/parse5/-/parse5-5.1.1.tgz",
@ -15759,60 +15752,6 @@
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
"dev": true
},
"node_modules/sanitize-html": {
"version": "2.7.1",
"resolved": "https://registry.npmjs.org/sanitize-html/-/sanitize-html-2.7.1.tgz",
"integrity": "sha512-oOpe8l4J8CaBk++2haoN5yNI5beekjuHv3JRPKUx/7h40Rdr85pemn4NkvUB3TcBP7yjat574sPlcMAyv4UQig==",
"dev": true,
"dependencies": {
"deepmerge": "^4.2.2",
"escape-string-regexp": "^4.0.0",
"htmlparser2": "^6.0.0",
"is-plain-object": "^5.0.0",
"parse-srcset": "^1.0.2",
"postcss": "^8.3.11"
}
},
"node_modules/sanitize-html/node_modules/entities": {
"version": "2.2.0",
"resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz",
"integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==",
"dev": true,
"funding": {
"url": "https://github.com/fb55/entities?sponsor=1"
}
},
"node_modules/sanitize-html/node_modules/escape-string-regexp": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
"integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
"dev": true,
"engines": {
"node": ">=10"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/sanitize-html/node_modules/htmlparser2": {
"version": "6.1.0",
"resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-6.1.0.tgz",
"integrity": "sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A==",
"dev": true,
"funding": [
"https://github.com/fb55/htmlparser2?sponsor=1",
{
"type": "github",
"url": "https://github.com/sponsors/fb55"
}
],
"dependencies": {
"domelementtype": "^2.0.1",
"domhandler": "^4.0.0",
"domutils": "^2.5.2",
"entities": "^2.0.0"
}
},
"node_modules/sass": {
"version": "1.51.0",
"resolved": "https://registry.npmjs.org/sass/-/sass-1.51.0.tgz",
@ -18065,15 +18004,6 @@
"resolved": "https://registry.npmjs.org/vue-router/-/vue-router-3.5.3.tgz",
"integrity": "sha512-FUlILrW3DGitS2h+Xaw8aRNvGTwtuaxrRkNSHWTizOfLUie7wuYwezeZ50iflRn8YPV5kxmU2LQuu3nM/b3Zsg=="
},
"node_modules/vue-sanitize": {
"version": "0.2.2",
"resolved": "https://registry.npmjs.org/vue-sanitize/-/vue-sanitize-0.2.2.tgz",
"integrity": "sha512-dj4bgP2C1QoNvzRKniOXEpk3fezEGE4bG7AXhnsB351B+iCOw845RWr2qRFjpF+Rs9v7Itn3vU4GIihIjzangg==",
"dev": true,
"dependencies": {
"sanitize-html": "^2.7.0"
}
},
"node_modules/vue-style-loader": {
"version": "4.1.3",
"resolved": "https://registry.npmjs.org/vue-style-loader/-/vue-style-loader-4.1.3.tgz",
@ -29676,12 +29606,6 @@
"lines-and-columns": "^1.1.6"
}
},
"parse-srcset": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/parse-srcset/-/parse-srcset-1.0.2.tgz",
"integrity": "sha512-/2qh0lav6CmI15FzA3i/2Bzk2zCgQhGMkvhOhKNcBVQ1ldgpbfiNTVslmooUmWJcADi1f1kIeynbDRVzNlfR6Q==",
"dev": true
},
"parse5": {
"version": "5.1.1",
"resolved": "https://registry.npmjs.org/parse5/-/parse5-5.1.1.tgz",
@ -30863,46 +30787,6 @@
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
"dev": true
},
"sanitize-html": {
"version": "2.7.1",
"resolved": "https://registry.npmjs.org/sanitize-html/-/sanitize-html-2.7.1.tgz",
"integrity": "sha512-oOpe8l4J8CaBk++2haoN5yNI5beekjuHv3JRPKUx/7h40Rdr85pemn4NkvUB3TcBP7yjat574sPlcMAyv4UQig==",
"dev": true,
"requires": {
"deepmerge": "^4.2.2",
"escape-string-regexp": "^4.0.0",
"htmlparser2": "^6.0.0",
"is-plain-object": "^5.0.0",
"parse-srcset": "^1.0.2",
"postcss": "^8.3.11"
},
"dependencies": {
"entities": {
"version": "2.2.0",
"resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz",
"integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==",
"dev": true
},
"escape-string-regexp": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
"integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
"dev": true
},
"htmlparser2": {
"version": "6.1.0",
"resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-6.1.0.tgz",
"integrity": "sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A==",
"dev": true,
"requires": {
"domelementtype": "^2.0.1",
"domhandler": "^4.0.0",
"domutils": "^2.5.2",
"entities": "^2.0.0"
}
}
}
},
"sass": {
"version": "1.51.0",
"resolved": "https://registry.npmjs.org/sass/-/sass-1.51.0.tgz",
@ -32605,15 +32489,6 @@
"resolved": "https://registry.npmjs.org/vue-router/-/vue-router-3.5.3.tgz",
"integrity": "sha512-FUlILrW3DGitS2h+Xaw8aRNvGTwtuaxrRkNSHWTizOfLUie7wuYwezeZ50iflRn8YPV5kxmU2LQuu3nM/b3Zsg=="
},
"vue-sanitize": {
"version": "0.2.2",
"resolved": "https://registry.npmjs.org/vue-sanitize/-/vue-sanitize-0.2.2.tgz",
"integrity": "sha512-dj4bgP2C1QoNvzRKniOXEpk3fezEGE4bG7AXhnsB351B+iCOw845RWr2qRFjpF+Rs9v7Itn3vU4GIihIjzangg==",
"dev": true,
"requires": {
"sanitize-html": "^2.7.0"
}
},
"vue-style-loader": {
"version": "4.1.3",
"resolved": "https://registry.npmjs.org/vue-style-loader/-/vue-style-loader-4.1.3.tgz",

1
web/satellite/package.json
View File

@ -79,7 +79,6 @@
"ts-jest": "27.1.4",
"typescript": "4.6.4",
"vue-eslint-parser": "9.0.3",
"vue-sanitize": "0.2.2",
"vue-svg-loader": "0.17.0-beta.2",
"vue-template-compiler": "2.7.10",
"webpack-bundle-analyzer": "4.5.0"

2
web/satellite/src/main.ts
View File

@ -3,7 +3,6 @@
import Vue from 'vue';
import VueClipboard from 'vue-clipboard2';
import VueSanitize from 'vue-sanitize';
import { createPinia, PiniaVuePlugin } from 'pinia';
import App from './App.vue';
@ -23,7 +22,6 @@ Vue.config.productionTip = false;
Vue.use(new NotificatorPlugin(store));
Vue.use(VueClipboard);
Vue.use(VueSanitize);
Vue.use(PiniaVuePlugin);
const pinia = createPinia();

14
web/satellite/src/views/registration/RegisterArea.vue
View File

@ -28,11 +28,8 @@
<h1 class="register-area__intro-area__title">{{ viewConfig.title }}</h1>
<p v-if="viewConfig.description" class="register-area__intro-area__sub-title">{{ viewConfig.description }}</p>
<div class="register-area__intro-area__large-content">
<div
v-if="viewConfig.customHtmlDescription"
class="register-area__intro-area__large-content__custom-html-container"
v-html="$sanitize(viewConfig.customHtmlDescription)"
/>
<!-- eslint-disable-next-line vue/no-v-html -->
<div v-if="viewConfig.customHtmlDescription" class="register-area__intro-area__large-content__custom-html-container" v-html="viewConfig.customHtmlDescription" />
<div v-if="!!viewConfig.partnerLogoBottomUrl" class="register-area__logo-wrapper bottom">
<div class="register-area__logo-wrapper__container">
<img :src="viewConfig.partnerLogoBottomUrl" :srcset="viewConfig.partnerLogoBottomUrl" alt="partner logo" class="register-area__logo-wrapper__logo wide">
@ -267,11 +264,8 @@
</div>
</div>
<div class="register-area__container__mobile-content">
<div
v-if="viewConfig.customHtmlDescription"
class="register-area__container__mobile-content__custom-html-container"
v-html="$sanitize(viewConfig.customHtmlDescription)"
/>
<!-- eslint-disable-next-line vue/no-v-html -->
<div v-if="viewConfig.customHtmlDescription" class="register-area__container__mobile-content__custom-html-container" v-html="viewConfig.customHtmlDescription" />
<div v-if="!!viewConfig.partnerLogoBottomUrl" class="register-area__logo-wrapper">
<div class="register-area__logo-wrapper__container">
<img :src="viewConfig.partnerLogoBottomUrl" :srcset="viewConfig.partnerLogoBottomUrl" alt="partner logo" class="register-area__logo-wrapper__logo wide">

2
web/storagenode/.eslintrc.js
View File

@ -93,7 +93,7 @@ module.exports = {
'storj/vue/require-annotation': 'warn',
'vue/no-v-html': 0,
'vue/no-v-html': ['error'],
},
settings: {
'import/resolver': {