fix(core): Do not use `v-html` for translation output

The content that can be renderered does *not* include HTML (see `recommended` object). But `v-html` was used, this is potentially dangerous, even though we sanitize the translation values, so no urgent harm but better safe than sorry. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-11-18 14:31:05 +07:00 · 2024-11-18 14:31:05 +07:00 · 52769a47ed
parent fb75e2de78
commit 52769a47ed
1 changed files with 1 additions and 1 deletions
--- a/core/src/components/setup/RecommendedApps.vue
+++ b/core/src/components/setup/RecommendedApps.vue
@ -18,7 +18,7 @@
 				<img :src="customIcon(app.id)" alt="">
 				<div class="info">
 					<h3>{{ customName(app) }}</h3>
-					<p v-html="customDescription(app.id)" />
+					<p v-text="customDescription(app.id)" />
 					<p v-if="app.installationError">
 						<strong>{{ t('core', 'App download or installation failed') }}</strong>
 					</p>