Docker/mealie
Docker/mealie
1
0
Fork 0
mirror of https://github.com/mealie-recipes/mealie.git synced 2025-08-02 20:15:24 +02:00
Code Issues Releases Activity

security: multiple reported CVE fixes (#1515)

Browse source 
* update out of date license

* update typing / refactor

* fix arbitrarty path injection

* use markdown sanatizer to prevent XSS CWE-79

* fix CWE-918 SSRF by validating url and mime type

* add security docs

* update recipe-scrapers

* resolve DOS from arbitrary url

* update changelog

* bump version

* add ref to #1506

* add #1511 to changelog

* use requests decoder

* actually fix encoding issue
This commit is contained in:
Hayden 2022-07-31 13:10:20 -08:00 committed by GitHub
parent 483f789b8e
commit 13850cda1f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 401 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

8
frontend/pages/recipe/_slug/index.vue
View file

@ -17,7 +17,7 @@
<RecipeRating :key="recipe.slug" :value="recipe.rating" :name="recipe.name" :slug="recipe.slug" />
</v-card-title>
<v-divider class="my-2"></v-divider>
<VueMarkdown :source="recipe.description"> </VueMarkdown>
<SafeMarkdown :source="recipe.description" />
<v-divider></v-divider>
<div class="d-flex justify-center mt-5">
<RecipeTimeCard
@ -81,7 +81,7 @@
<v-card-title class="px-0 py-2 ma-0 headline">
{{ recipe.name }}
</v-card-title>
<VueMarkdown :source="recipe.description"> </VueMarkdown>
<SafeMarkdown :source="recipe.description" />
<div class="pb-2 d-flex justify-center flex-wrap">
<RecipeTimeCard
@ -465,8 +465,6 @@ import {
useRouter,
onMounted,
} from "@nuxtjs/composition-api";
// @ts-ignore vue-markdown has no types
import VueMarkdown from "@adapttive/vue-markdown";
import draggable from "vuedraggable";
import { invoke, until, useWakeLock } from "@vueuse/core";
import { onUnmounted } from "vue-demi";
@ -494,7 +492,6 @@ import { Recipe } from "~/types/api-types/recipe";
import { uuid4, deepCopy } from "~/composables/use-utils";
import { useRouteQuery } from "~/composables/use-router";
import { useToolStore } from "~/composables/store";
export default defineComponent({
components: {
draggable,
@ -520,7 +517,6 @@ export default defineComponent({
RecipeTimeCard,
RecipeTools,
RecipeScaleEditButton,
VueMarkdown,
},
async beforeRouteLeave(_to, _from, next) {
const isSame = JSON.stringify(this.recipe) === JSON.stringify(this.originalRecipe);