Merge pull request #12 from guillaumebriday/fix/xss-vuejs

Fix/xss vuejs
guillaumebriday · Feb 26, 2018 · 6d26151 · 6d26151
2 parents cca7d65 + 8fadb39
commit 6d26151
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 23 deletions.
diff --git a/resources/views/admin/layouts/app.blade.php b/resources/views/admin/layouts/app.blade.php
@@ -18,19 +18,17 @@
     <link href="{{ mix('/css/admin.css') }}" rel="stylesheet">
 </head>
 <body class="admin-body bg-dark">
-    <div id="app">
-        @include('admin/shared/navbar')
+    @include('admin/shared/navbar')
 
-        <div class="content-wrapper bg-light">
-            <div class="container-fluid">
-                <div class="row">
-                    <div class="col">
-                        @include('shared/alerts')
+    <div class="content-wrapper bg-light">
+        <div class="container-fluid">
+            <div class="row">
+                <div class="col">
+                    @include('shared/alerts')
 
-                        <div class="card">
-                            <div class="card-body">
-                                @yield('content')
-                            </div>
+                    <div class="card">
+                        <div class="card-body">
+                            @yield('content')
                         </div>
                     </div>
                 </div>

diff --git a/resources/views/posts/_show.blade.php b/resources/views/posts/_show.blade.php
@@ -6,10 +6,11 @@
   @endif
 
   <div class="card-body">
-    <h4 class="card-title">{{ link_to_route('posts.show', $post->title, $post) }}</h4>
+    <h4 v-pre class="card-title">{{ link_to_route('posts.show', $post->title, $post) }}</h4>
+
+    <p class="card-text"><small v-pre class="text-muted">{{ link_to_route('users.show', $post->author->fullname, $post->author) }}</small></p>
+    <div v-pre class="card-text post-content">{!! $post->content !!}</div>
 
-    <p class="card-text"><small class="text-muted">{{ link_to_route('users.show', $post->author->fullname, $post->author) }}</small></p>
-    <div class="card-text post-content">{!! $post->content !!}</div>
     <p class="card-text">
       <small class="text-muted">{{ humanize_date($post->posted_at) }}</small><br>
       <small class="text-muted">

diff --git a/resources/views/posts/show.blade.php b/resources/views/posts/show.blade.php
@@ -6,14 +6,14 @@
       {{ Html::image($post->thumbnail()->url, $post->thumbnail()->original_filename, ['class' => 'img-fluid rounded']) }}
     @endif
 
-    <h1>{{ $post->title }}</h1>
+    <h1 v-pre>{{ $post->title }}</h1>
 
     <div class="mb-3">
-      <small class="text-muted">{{ link_to_route('users.show', $post->author->fullname, $post->author) }}</small>,
+      <small v-pre class="text-muted">{{ link_to_route('users.show', $post->author->fullname, $post->author) }}</small>,
       <small class="text-muted">{{ humanize_date($post->posted_at) }}</small>
     </div>
 
-    <div class="post-content">
+    <div v-pre class="post-content">
       {!! $post->content !!}
     </div>
 

diff --git a/resources/views/shared/navbar.blade.php b/resources/views/shared/navbar.blade.php
@@ -23,7 +23,7 @@
                     <li class="nav-item">{{ link_to_route('register', __('auth.register'), [], ['class' => 'nav-link']) }}</li>
                 @else
                     <li class="nav-item dropdown">
-                        <a href="#" class="nav-link dropdown-toggle" id="navbarDropdownMenuLink" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                        <a v-pre href="#" class="nav-link dropdown-toggle" id="navbarDropdownMenuLink" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
                             {{ Auth::user()->name }}
                         </a>
 

diff --git a/resources/views/users/_comment.blade.php b/resources/views/users/_comment.blade.php
@@ -1,10 +1,10 @@
 <div class="card mb-2">
   <div class="card-body">
     <div class="card-title">
-      @lang('comments.posted_on') <a href="{{ route('posts.show', $comment->post) }}">{{ $comment->post->title }}</a>
+      @lang('comments.posted_on') <a v-pre href="{{ route('posts.show', $comment->post) }}">{{ $comment->post->title }}</a>
     </div>
 
-    <p class="card-text">{{ $comment->content }}</p>
+    <p v-pre class="card-text">{{ $comment->content }}</p>
     <p class="card-text">
       <small class="text-muted">{{ humanize_date($comment->posted_at) }}</small>
     </p>

diff --git a/resources/views/users/_post.blade.php b/resources/views/users/_post.blade.php
@@ -1,10 +1,10 @@
 <div class="card mb-2">
   <div class="card-body">
-    <h4 class="card-title">
+    <h4 v-pre class="card-title">
       {{ link_to_route('posts.show', $post->title, $post) }}
     </h4>
 
-    <div class="card-text post-content">{!! $post->content !!}</div>
+    <div v-pre class="card-text post-content">{!! $post->content !!}</div>
     <p class="card-text">
       <small class="text-muted">{{ humanize_date($post->posted_at) }}</small><br>
       <small class="text-muted">

diff --git a/resources/views/users/show.blade.php b/resources/views/users/show.blade.php
@@ -5,7 +5,7 @@
     <div class="col-md-12">
       <div class="card mb-2">
         <div class="card-body text-center">
-          <h2 class="card-title mb-0">{{ $user->name }}</h2>
+          <h2 v-pre class="card-title mb-0">{{ $user->name }}</h2>
           <small class="card-subtitle mb-2 text-muted">{{ $user->email }}</small>
 
           <div class="card-text row mt-3">