fixed missed v-html xss warning vulnerability

2026-05-21 05:52:18 +00:00 · 2026-04-18 19:12:17 -05:00
parent 749e2c5c88
commit f809ae192b
1 changed files with 12 additions and 4 deletions
--- a/frontend/src/components/settings/Security.vue
+++ b/frontend/src/components/settings/Security.vue
@@ -94,10 +94,18 @@
        <TwoFADialog ref="TwoFADialog" />

        <Confirm ref="confirmDisableAuth" btn-style="btn-danger" :yes-text="$t('I understand, please disable')" :no-text="$t('Leave')" @yes="disableAuth">
-            <!-- eslint-disable-next-line vue/no-v-html -->
-            <p v-html="$t('disableauth.message1')"></p>
-            <!-- eslint-disable-next-line vue/no-v-html -->
-            <p v-html="$t('disableauth.message2')"></p>
+            <i18n-t keypath="disableauth.message1" tag="p">
+                <template #disableAuth>
+                    <strong>{{ $t('disableAuth') }}</strong>
+                </template>
+            </i18n-t>
+
+            <i18n-t keypath="disableauth.message2" tag="p">
+                <template #scenarios>
+                    <strong>{{ $t('scenarios') }}</strong>
+                </template>
+            </i18n-t>
+
            <p>{{ $t("Please use this option carefully!") }}</p>

            <div class="mb-3">