Skip to content

Commit

Permalink
sanitize html and fix issues.
Browse files Browse the repository at this point in the history
  • Loading branch information
@shivendra-webkul
shivendra-webkul committed Oct 11, 2024
1 parent 0fa7ce4 commit 9607c54
Show file tree
Hide file tree
Showing 101 changed files with 371 additions and 358 deletions.
1 change: 1 addition & 0 deletions packages/Webkul/Admin/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
"@vee-validate/rules": "^4.9.1",
"@vitejs/plugin-vue": "^4.2.3",
"chartjs-chart-funnel": "^4.2.1",
"dompurify": "^3.1.7",
"flatpickr": "^4.6.13",
"mitt": "^3.0.1",
"vee-validate": "^4.9.1",
Expand Down
6 changes: 5 additions & 1 deletion packages/Webkul/Admin/src/DataGrids/Mail/EmailDataGrid.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,11 @@ public function prepareColumns(): void
'searchable' => false,
'filterable' => false,
'sortable' => false,
'closure' => fn ($row) => $row->attachments ? '<i class="icon-attachment text-2xl"></i>' : '',
'closure' => function ($row) {
$emails = app(EmailRepository::class)->find($row->id)->emails()->withCount('attachments')->get();

return $emails->sum('attachments_count');
},
]);

$this->addColumn([
Expand Down
6 changes: 4 additions & 2 deletions packages/Webkul/Admin/src/Resources/assets/js/app.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -118,12 +118,14 @@ import VueCal from "./plugins/vue-cal";
VueCal,
].forEach((plugin) => app.use(plugin));


/**
* Global directives.
*/
import Debounce from "./directives/debounce";
import DOMPurify from "./directives/dompurify";

app.directive("debounce", Debounce);
app.directive("safe-html", DOMPurify);

export default app;

export default app;
10 changes: 10 additions & 0 deletions packages/Webkul/Admin/src/Resources/assets/js/directives/dompurify.js
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
import DOMPurify from 'dompurify';

export default {
beforeMount(el, binding) {
el.innerHTML = DOMPurify.sanitize(binding.value);
},
updated(el, binding) {
el.innerHTML = DOMPurify.sanitize(binding.value);
}
};
2 changes: 1 addition & 1 deletion packages/Webkul/Admin/src/Resources/views/components/activities/index.blade.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -189,7 +189,7 @@ class="dark:text-white"
<p
class="dark:text-white"
v-if="activity.comment"
v-html="activity.comment"
v-safe-html="activity.comment"
></p>

{!! view_render_event('admin.components.activities.content.activity.item.description.after') !!}
Expand Down
8 changes: 5 additions & 3 deletions packages/Webkul/Admin/src/Resources/views/mail/index.blade.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,9 @@ class="icon-checkbox-outline peer-checked:icon-checkbox-select cursor-pointer ro
<!-- Content -->
<div class="flex-frow flex items-center gap-2">
<!-- Attachments -->
<p v-html="record.attachments"></p>
<p v-if="record.attachments > 0">
<i class="icon-attachment text-2xl"></i>
</p>
<!-- Tags -->
<span
Expand All @@ -155,8 +157,8 @@ class="flex items-center gap-1 rounded-md bg-rose-100 px-3 py-1.5 text-xs font-m
<!-- Reply(Content) -->
<p
class="!font-normal"
v-html="truncatedReply(record.reply)"
class="max-w-[600px] truncate !font-normal"
v-text="record.reply"
></p>
</div>
Expand Down
6 changes: 3 additions & 3 deletions packages/Webkul/Admin/src/Resources/views/mail/view.blade.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
@lang('admin::app.mail.view.title')
</div>

<span class="label-active">{{ request('route') }}</span>
<span class="label-active">{{ ucfirst(request('route')) }}</span>

{!! view_render_event('admin.mail.view.tags.before', ['email' => $email]) !!}

Expand Down Expand Up @@ -243,9 +243,9 @@ class="flex cursor-pointer items-center gap-2"
{!! view_render_event('admin.mail.view.mail_body.before', ['email' => $email]) !!}
<!-- Mail Body -->
<div
v-html="email.reply"
<div
class="dark:text-gray-300"
v-safe-html="email.reply"
></div>
{!! view_render_event('admin.mail.view.mail_body.after', ['email' => $email]) !!}
Expand Down
77 changes: 0 additions & 77 deletions public/admin/build/assets/app-116eea9b.js
View file

This file was deleted.

1 change: 0 additions & 1 deletion public/admin/build/assets/app-3d4597c7.css
View file

This file was deleted.

1 change: 1 addition & 0 deletions public/admin/build/assets/app-75c48030.css
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion public/admin/build/assets/app-06ae2a33.css → public/admin/build/assets/app-7974ef6e.css
View file

Large diffs are not rendered by default.

72 changes: 72 additions & 0 deletions public/admin/build/assets/app-dd3149bc.js
View file

Large diffs are not rendered by default.

5 changes: 5 additions & 0 deletions public/admin/build/assets/ar.es-1c5432ef.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 0 additions & 5 deletions public/admin/build/assets/ar.es-2968a13f.js
View file

This file was deleted.

5 changes: 5 additions & 0 deletions public/admin/build/assets/bg.es-133f1d79.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 0 additions & 5 deletions public/admin/build/assets/bg.es-182cdcb3.js
View file

This file was deleted.

5 changes: 0 additions & 5 deletions public/admin/build/assets/bn.es-3f8773a4.js
View file

This file was deleted.

5 changes: 5 additions & 0 deletions public/admin/build/assets/bn.es-d6f1145b.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions public/admin/build/assets/bs.es-424f8392.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 0 additions & 5 deletions public/admin/build/assets/bs.es-47a220af.js
View file

This file was deleted.

5 changes: 5 additions & 0 deletions public/admin/build/assets/ca.es-10691e62.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 0 additions & 5 deletions public/admin/build/assets/ca.es-47a49a5a.js
View file

This file was deleted.

5 changes: 0 additions & 5 deletions public/admin/build/assets/cs.es-29e50c14.js
View file

This file was deleted.

5 changes: 5 additions & 0 deletions public/admin/build/assets/cs.es-d467a362.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions public/admin/build/assets/da.es-5c82d648.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 0 additions & 5 deletions public/admin/build/assets/da.es-eecb0b06.js
View file

This file was deleted.

5 changes: 0 additions & 5 deletions public/admin/build/assets/de.es-83841cfd.js
View file

This file was deleted.

5 changes: 5 additions & 0 deletions public/admin/build/assets/de.es-fc3d5977.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 9607c54

Please sign in to comment.