GithubHelp home page GithubHelp logo

Comments (5)

jonesde avatar jonesde commented on June 18, 2024 1

There is now a fix in place for the label and link elements for the qvt (/qapps) and vuet (/vapps) render modes. See this commit in moqui-runtime:

moqui/moqui-runtime@28454b4

From a bit of research the best solution seems to be adding the v-pre attribute to an element wrapping the text so that the text is not interpreted by Vue JS, avoiding the template injection issue and resulting in the text just being displayed.

There does not seem to be a way to encode the text so that it is not interpreted. This means that for any custom Vue templates, or any other places in the framework we discover over time, the v-pre attribute will need to be adding (possibly in a wrapping span element like I did for the link macros so that it doesn't break the intended parts of the template because it seems to disable Vue template interpretation for the element with a v-pre attribute as well as the contents of the element!).

This fixes the issue for the Product Store screen and various others. If you find any other places this happens please let me know, in this issue or another one.

from moqui-framework.

Narmu-1 avatar Narmu-1 commented on June 18, 2024

Hello @jonesde is this a valid bug? how to fix it?

from moqui-framework.

acetousk avatar acetousk commented on June 18, 2024

Was able to reproduce. Thank you @Narmu-1 for figuring this out!

from moqui-framework.

acetousk avatar acetousk commented on June 18, 2024

How to fix this is another question. Some ideas are server side validation of {{ or }} (handling potential whitespace) for all fields by default, add server side escaping for { and } characters such as https://v2.vuejs.org/v2/guide/security#HTML-content, or/and changing the ftl templates to sanitize output characters.

from moqui-framework.

Narmu-1 avatar Narmu-1 commented on June 18, 2024

thanks @acetousk for confirming. Can you please assign the labels for this issue.
Regards.

from moqui-framework.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.