Diffstat (limited to 'client/components/activities/activities.js')
-rw-r--r-- | client/components/activities/activities.js | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/client/components/activities/activities.js b/client/components/activities/activities.js
index 5d356f6e..b6635da1 100644
--- a/client/components/activities/activities.js
+++ b/client/components/activities/activities.js
@@ -1,3 +1,5 @@
+import sanitizeXss from 'xss';
+
 const activitiesPerPage = 20;
 
 BlazeComponent.extendComponent({
@@ -57,7 +59,7 @@ BlazeComponent.extendComponent({
 return checkItem && checkItem.title;
 },
 
- boardLabel() {
+ boardLabelLink() {
 const data = this.currentData();
 if (data.mode !== 'board') {
 return createBoardLink(data.activity.board(), data.activity.listName);
@@ -65,10 +67,10 @@ BlazeComponent.extendComponent({
 return TAPi18n.__('this-board');
 },
 
- cardLabel() {
+ cardLabelLink() {
 const data = this.currentData();
 if (data.mode !== 'card') {
- return createCardLink(this.currentData().activity.card());
+ return createCardLink(data.activity.card());
 }
 return TAPi18n.__('this-card');
 },
@@ -134,11 +136,11 @@ BlazeComponent.extendComponent({
 {
 href: source.url,
 },
- source.system,
+ sanitizeXss(source.system),
 ),
 );
 } else {
- return source.system;
+ return sanitizeXss(source.system);
 }
 }
 return null;
@@ -162,10 +164,10 @@ BlazeComponent.extendComponent({
 href: attachment.url({ download: true }),
 target: '_blank',
 },
- attachment.name(),
+ sanitizeXss(attachment.name()),
 ),
 )) ||
- this.currentData().activity.attachmentName
+ sanitizeXss(this.currentData().activity.attachmentName)
 );
 },
 
@@ -202,7 +204,15 @@ BlazeComponent.extendComponent({
 },
 }).register('activity');
 
+Template.activity.helpers({
+ sanitize(value) {
+ return sanitizeXss(value);
+ },
+});
+
 function createCardLink(card) {
+ if (!card)
+ return '';
 return (
 card &&
 Blaze.toHTML(
@@ -211,7 +221,7 @@ function createCardLink(card) {
 href: card.absoluteUrl(),
 class: 'action-card',
 },
- card.title,
+ sanitizeXss(card.title),
 ),
 )
 );
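Review bot: In the `@@ -134,11 +136,11 @@` hunk the link text is now sanitized, but `href: source.url` on the context line above it is still passed through unchecked, and sanitizing the label does nothing about a `javascript:` or other unexpected scheme in the URL. If `source.url` can come from imported or user-supplied activity data, restrict it to an allow-list before building the anchor, for example `const href = /^https?:\/\//i.test(source.url) ? source.url : '#';` followed by `href,` in the attribute object. The enclosing helper starts and ends outside the hunk, so an earlier check on `source.url` may exist that is not visible here.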
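Review bot: In the `@@ -162,10 +164,10 @@` hunk `sanitizeXss(attachment.name())` is passed as a text child of the element given to `Blaze.toHTML(...)`, which as far as I know already HTML-escapes string children, so the value is probably encoded twice and a name containing `&` or `<` would show up as literal entities. The same pattern appears in the `source.system`, `createCardLink` and `createBoardLink` hunks. Consider passing the raw string where the renderer escapes it and keeping `sanitizeXss` for values that are returned as plain strings and may be output unescaped, such as the `activity.attachmentName` fallback here. A short comment would record the rule: `// Blaze.toHTML escapes text children; sanitizeXss is for strings rendered with {{{ }}}`.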
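Review bot: The new `sanitize` helper in the `@@ -202,7 +204,15 @@` hunk has no comment saying that its return value is HTML meant for unescaped output; used inside a normal `{{ }}` expression it would be escaped a second time, and callers may assume it strips all markup when the `xss` defaults keep an allow-list of tags. I would add `// Returns allow-listed HTML for use in {{{ }}} only; not a plain-text escaper.` above `sanitize(value)`. In `createCardLink`, the added `if (!card)` / `return '';` is an unbraced two-line `if`, and it makes the `card &&` on the following context line redundant; `if (!card) { return ''; }` with the `card &&` dropped reads more clearly. The function body continues outside the hunk.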
@@ -228,7 +238,7 @@ function createBoardLink(board, list) {
 href: board.absoluteUrl(),
 class: 'action-board',
 },
- text,
+ sanitizeXss(text),
 ),
 )
 ); |
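Review bot: `createBoardLink` still calls `board.absoluteUrl()` with no visible guard, while this commit gave `createCardLink` an `if (!card) return '';` check; `boardLabelLink` passes `data.activity.board()` straight in, so an activity whose board is missing would presumably throw here. If the part of the function above this hunk does not already handle that case, add `if (!board) { return ''; }` at the top for consistency. The function starts outside the hunk, so this needs confirming against the full file.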