saret/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-09-10 18:55:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update admin interface (#4737)

Browse Source 
- Updated datatables
- Set Cookie Secure flag if the connection is https
- Prevent possible XSS via Organization Name
  Converted all `innerHTML` and `innerText` to the Safe Sink version `textContent`
- Removed `jsesc` function as handlebars escapes all these chars already and more by default
This commit is contained in:
Mathijs van Veluw
2024-07-12 22:59:48 +02:00
committed by GitHub
parent 035f694d2f
commit 54bfcb8bc3
11 changed files with 95 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/static/scripts/admin_settings.js vendored
View File

@@ -122,7 +122,7 @@ function submitTestEmailOnEnter() {
function colorRiskSettings() {
const risk_items = document.getElementsByClassName("col-form-label");
Array.from(risk_items).forEach((el) => {
if (el.innerText.toLowerCase().includes("risks") ) {
if (el.textContent.toLowerCase().includes("risks") ) {
el.parentElement.className += " alert-danger";
}
});