mirror of
https://github.com/ahmadk953/tasko.git
synced 2025-01-31 00:53:37 +00:00
Fixed XSS Vulnerability in Image Selector
parent
b2a08879d1
commit
a050779523
3 changed files with 30 additions and 1 deletions
|
@ -1,5 +1,6 @@
|
||||||
'use client';
|
'use client';
|
||||||
|
|
||||||
|
import DOMPurify from 'dompurify';
|
||||||
import Image from 'next/image';
|
import Image from 'next/image';
|
||||||
import Link from 'next/link';
|
import Link from 'next/link';
|
||||||
|
|
||||||
|
@ -90,7 +91,8 @@ export const FormPicker = ({ id, errors }: FormPickerProps) => {
|
||||||
)}
|
)}
|
||||||
<Link
|
<Link
|
||||||
href={
|
href={
|
||||||
image.user.links.html + '?utm_source=Tasko&utm_medium=referral'
|
DOMPurify.sanitize(image.user.links.html) +
|
||||||
|
'?utm_source=Tasko&utm_medium=referral'
|
||||||
}
|
}
|
||||||
target='_blank'
|
target='_blank'
|
||||||
className='absolute bottom-0 w-full truncate bg-black/50 p-1 text-[10px] text-white opacity-0 hover:underline group-hover:opacity-100'
|
className='absolute bottom-0 w-full truncate bg-black/50 p-1 text-[10px] text-white opacity-0 hover:underline group-hover:opacity-100'
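Review bot: `DOMPurify.sanitize` in the new `href` expression is an HTML sanitiser, not a URL validator, so it does not constrain the scheme of `image.user.links.html`; a non-http(s) value such as a `javascript:` URL is plain text to it and would generally come back unchanged. It can also entity-encode characters such as `&` in a legitimate URL, which changes the link target. The check to add here is to parse the value with `new URL()` and accept only `https:` before attaching the referral parameters, as sketched below. DOMPurify also needs a DOM, so if this client component is pre-rendered on the server the call may not be usable there, which is worth confirming. The enclosing `FormPicker` component starts and ends outside the hunk.

```typescript
// Accept the attribution link only when it parses as an absolute https URL;
// anything else falls back to an inert href.
const toAttributionHref = (raw: string): string => {
  try {
    const url = new URL(raw);
    if (url.protocol !== 'https:') return '#';
    url.searchParams.set('utm_source', 'Tasko');
    url.searchParams.set('utm_medium', 'referral');
    return url.toString();
  } catch {
    return '#';
  }
};

// … unchanged: FormPicker body up to the attribution link …
<Link
  href={toAttributionHref(image.user.links.html)}
  target='_blank'
```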
|
||||||
|
|
|
@ -34,6 +34,7 @@
|
||||||
"class-variance-authority": "^0.7.0",
|
"class-variance-authority": "^0.7.0",
|
||||||
"clsx": "^2.1.1",
|
"clsx": "^2.1.1",
|
||||||
"date-fns": "^4.1.0",
|
"date-fns": "^4.1.0",
|
||||||
|
"dompurify": "^3.1.7",
|
||||||
"eslint-plugin-react-compiler": "0.0.0-experimental-7670337-20240918",
|
"eslint-plugin-react-compiler": "0.0.0-experimental-7670337-20240918",
|
||||||
"lodash": "^4.17.21",
|
"lodash": "^4.17.21",
|
||||||
"lucide-react": "^0.451.0",
|
"lucide-react": "^0.451.0",
|
||||||
|
@ -54,6 +55,7 @@
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@microsoft/eslint-formatter-sarif": "^3.1.0",
|
"@microsoft/eslint-formatter-sarif": "^3.1.0",
|
||||||
"@next/eslint-plugin-next": "^14.2.15",
|
"@next/eslint-plugin-next": "^14.2.15",
|
||||||
|
"@types/dompurify": "^3",
|
||||||
"@types/lodash": "^4.17.10",
|
"@types/lodash": "^4.17.10",
|
||||||
"@types/node": "^22.7.5",
|
"@types/node": "^22.7.5",
|
||||||
"@types/react": "npm:types-react@rc",
|
"@types/react": "npm:types-react@rc",
|
||||||
|
|
25
yarn.lock
25
yarn.lock
|
@ -1677,6 +1677,15 @@ __metadata:
|
||||||
languageName: node
|
languageName: node
|
||||||
linkType: hard
|
linkType: hard
|
||||||
|
|
||||||
|
"@types/dompurify@npm:^3":
|
||||||
|
version: 3.0.5
|
||||||
|
resolution: "@types/dompurify@npm:3.0.5"
|
||||||
|
dependencies:
|
||||||
|
"@types/trusted-types": "npm:*"
|
||||||
|
checksum: 10c0/a34dcc4498ca250815ccf9aecbe82df96ba5db247d0440cf266a876757d47c52519c240db3475e794d7deb0d6b1af23328e02879be368ad0e26b20c0f0865dba
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
"@types/istanbul-lib-coverage@npm:*, @types/istanbul-lib-coverage@npm:^2.0.0":
|
"@types/istanbul-lib-coverage@npm:*, @types/istanbul-lib-coverage@npm:^2.0.0":
|
||||||
version: 2.0.6
|
version: 2.0.6
|
||||||
resolution: "@types/istanbul-lib-coverage@npm:2.0.6"
|
resolution: "@types/istanbul-lib-coverage@npm:2.0.6"
|
||||||
|
@ -1770,6 +1779,13 @@ __metadata:
|
||||||
languageName: node
|
languageName: node
|
||||||
linkType: hard
|
linkType: hard
|
||||||
|
|
||||||
|
"@types/trusted-types@npm:*":
|
||||||
|
version: 2.0.7
|
||||||
|
resolution: "@types/trusted-types@npm:2.0.7"
|
||||||
|
checksum: 10c0/4c4855f10de7c6c135e0d32ce462419d8abbbc33713b31d294596c0cc34ae1fa6112a2f9da729c8f7a20707782b0d69da3b1f8df6645b0366d08825ca1522e0c
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
"@types/use-sync-external-store@npm:^0.0.3":
|
"@types/use-sync-external-store@npm:^0.0.3":
|
||||||
version: 0.0.3
|
version: 0.0.3
|
||||||
resolution: "@types/use-sync-external-store@npm:0.0.3"
|
resolution: "@types/use-sync-external-store@npm:0.0.3"
|
||||||
|
@ -2863,6 +2879,13 @@ __metadata:
|
||||||
languageName: node
|
languageName: node
|
||||||
linkType: hard
|
linkType: hard
|
||||||
|
|
||||||
|
"dompurify@npm:^3.1.7":
|
||||||
|
version: 3.1.7
|
||||||
|
resolution: "dompurify@npm:3.1.7"
|
||||||
|
checksum: 10c0/fcceef2e9f824d712a056fa699b0538f3337f5cf00ccb7227bdc7eba5463823e15d9aecc00a2fd81c726b28a71e7b09f0eb8a2fde1021c40e35f12dc67b66394
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
"dot-case@npm:^3.0.4":
|
"dot-case@npm:^3.0.4":
|
||||||
version: 3.0.4
|
version: 3.0.4
|
||||||
resolution: "dot-case@npm:3.0.4"
|
resolution: "dot-case@npm:3.0.4"
|
||||||
|
@ -6298,6 +6321,7 @@ __metadata:
|
||||||
"@radix-ui/react-slot": "npm:^1.1.0"
|
"@radix-ui/react-slot": "npm:^1.1.0"
|
||||||
"@radix-ui/react-tooltip": "npm:^1.1.3"
|
"@radix-ui/react-tooltip": "npm:^1.1.3"
|
||||||
"@tanstack/react-query": "npm:^5.59.9"
|
"@tanstack/react-query": "npm:^5.59.9"
|
||||||
|
"@types/dompurify": "npm:^3"
|
||||||
"@types/lodash": "npm:^4.17.10"
|
"@types/lodash": "npm:^4.17.10"
|
||||||
"@types/node": "npm:^22.7.5"
|
"@types/node": "npm:^22.7.5"
|
||||||
"@types/react": "npm:types-react@rc"
|
"@types/react": "npm:types-react@rc"
|
||||||
|
@ -6311,6 +6335,7 @@ __metadata:
|
||||||
class-variance-authority: "npm:^0.7.0"
|
class-variance-authority: "npm:^0.7.0"
|
||||||
clsx: "npm:^2.1.1"
|
clsx: "npm:^2.1.1"
|
||||||
date-fns: "npm:^4.1.0"
|
date-fns: "npm:^4.1.0"
|
||||||
|
dompurify: "npm:^3.1.7"
|
||||||
eslint: "npm:^8.57.0"
|
eslint: "npm:^8.57.0"
|
||||||
eslint-config-next: "npm:^15.0.0-rc.0"
|
eslint-config-next: "npm:^15.0.0-rc.0"
|
||||||
eslint-config-prettier: "npm:^9.1.0"
|
eslint-config-prettier: "npm:^9.1.0"
|
||||||
|
|