Fixed XSS Vulnerability in Image Selector

Ahmad 2024-10-13 23:42:12 -04:00
parent b2a08879d1
commit a050779523
No known key found for this signature in database
GPG key ID: 8FD8A93530D182BF
3 changed files with 30 additions and 1 deletions


@ -1,5 +1,6 @@
'use client';
import DOMPurify from 'dompurify';
import Image from 'next/image';
import Link from 'next/link';
@ -90,7 +91,8 @@ export const FormPicker = ({ id, errors }: FormPickerProps) => {
)}
<Link
href={
image.user.links.html + '?utm_source=Tasko&utm_medium=referral'
DOMPurify.sanitize(image.user.links.html) +
'?utm_source=Tasko&utm_medium=referral'
}
target='_blank'
className='absolute bottom-0 w-full truncate bg-black/50 p-1 text-[10px] text-white opacity-0 hover:underline group-hover:opacity-100'
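Review bot: `DOMPurify.sanitize` in the `href` expression does not restrict the URL scheme. It cleans HTML markup, so a value with no tags (including a non-http scheme) comes back unchanged and the link is no safer than before. It also serialises its result as HTML, so an `&` in the profile URL becomes `&amp;` and the link target changes. I would parse the value with `new URL`, accept only `https:`, and add the UTM parameters through `searchParams`, which also handles a URL that already has a query string. The `<Link>` element continues past the end of this hunk, so the fence below shows only the helper and the changed `href` line.

```tsx
// Helper outside the component: accept only absolute https URLs and append the referral parameters.
const toReferralHref = (raw: string): string | undefined => {
  try {
    const url = new URL(raw);
    if (url.protocol !== 'https:') return undefined;
    url.searchParams.set('utm_source', 'Tasko');
    url.searchParams.set('utm_medium', 'referral');
    return url.toString();
  } catch {
    // new URL throws on relative or malformed input; treat it as "no link"
    return undefined;
  }
};

// … unchanged: image tile markup above the link …
<Link
  href={toReferralHref(image.user.links.html) ?? '#'}
```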