Skip to content

Commit

Permalink
chore: sanitize text area
Browse files Browse the repository at this point in the history
  • Loading branch information
@acnormun
acnormun committed Jan 31, 2025
1 parent 12b261a commit 7e571e2
Show file tree
Hide file tree
Showing 5 changed files with 26 additions and 14 deletions.
13 changes: 9 additions & 4 deletions src/components/FormElement/FormElement.vue
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
},
]"
>
{{ label }}
{{ sanitizedValue(label) }}
</p>

<slot></slot>
Expand All @@ -28,7 +28,7 @@
scheme="aux-red-500"
/>

{{ error }}
{{ sanitizedValue(error) }}
</template>

<span
Expand All @@ -43,7 +43,7 @@
v-if="message || !!$slots.rightMessage"
class="unnnic-form-element__message"
>
{{ message }}
{{ sanitizedValue(message) }}

<span
v-if="!shouldShowErrorSection && !!$slots.rightMessage"
Expand All @@ -57,7 +57,7 @@

<script>
import UnnnicIcon from '../../components/Icon.vue';
import { escapeHtml } from '../../utils/sanitize';
export default {
components: {
UnnnicIcon,
Expand Down Expand Up @@ -93,6 +93,11 @@ export default {
return this.error && (this.error !== true || !!this.$slots.rightMessage);
},
},
methods: {
sanitizedValue(value) {
return escapeHtml(value);
}
}
};
</script>

Expand Down
10 changes: 8 additions & 2 deletions src/components/Input/BaseInput.vue
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,22 +3,23 @@
v-if="mask"
v-mask="mask"
v-bind="attributes"
:value="modelValue"
:value="sanitizedValue(modelValue)"
:class="classes"
:type="nativeType"
/>

<input
v-else
v-bind="attributes"
:value="modelValue"
:value="sanitizedValue(modelValue)"
:class="classes"
:type="nativeType"
/>
</template>

<script>
import { mask } from 'vue-the-mask';
import { escapeHtml } from '../../utils/sanitize';
export default {
directives: { mask },
Expand Down Expand Up @@ -76,6 +77,11 @@ export default {
];
},
},
methods: {
sanitizedValue(value) {
return escapeHtml(value);
}
}
};
</script>

Expand Down
5 changes: 1 addition & 4 deletions src/components/Input/Input.vue
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
v-bind="$attrs"
v-model="val"
class="unnnic-form-input"
:placeholder="sanitizedPlaceholder"
:placeholder="placeholder"
:iconLeft="iconLeft"
:iconRight="iconRight"
:type="type"
Expand Down Expand Up @@ -123,9 +123,6 @@ export default {
sanitizedMessage(){
return escapeHtml(this.message)
},
sanitizedPlaceholder(){
return escapeHtml(this.placeholder)
}
},
watch: {
val() {
Expand Down
8 changes: 6 additions & 2 deletions src/components/TextArea/TextArea.vue
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,11 @@
`unnnic-text-area__textarea--size-${size}`,
`unnnic-text-area__textarea--type-${type}`,
]"
:placeholder="placeholder"
:placeholder="sanitizedValue(placeholder)"
:maxlength="maxLength"
:disabled="disabled"
:value="modelValue"
@input="$emit('update:modelValue', $event.target.value)"
@input="$emit('update:modelValue', sanitizedValue($event.target.value))"
></textarea>

<template
Expand All @@ -29,6 +29,7 @@
</template>

<script>
import { escapeHtml } from '../../utils/sanitize';
import UnnnicFormElement from '../FormElement/FormElement.vue';
export default {
Expand Down Expand Up @@ -86,6 +87,9 @@ export default {
focus() {
this.$refs.textarea.focus();
},
sanitizedValue(value) {
return escapeHtml(value);
}
},
};
</script>
Expand Down
4 changes: 2 additions & 2 deletions src/stories/TextArea.stories.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,8 @@ export default {

export const Default = {
args: {
label: 'Label',
placeholder: 'Placeholder',
label: 'Label <div> aaaa',
placeholder: 'Placeholder <div> aaaa',
maxLength: 150,
disabled: false,
type: 'normal',
Expand Down

0 comments on commit 7e571e2

Please sign in to comment.