Cutlery/mealie
1
0
Fork 0
mirror of https://github.com/mealie-recipes/mealie.git synced 2025-05-24 01:12:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
mealie/frontend/components/Domain/Recipe/RecipeNotes.vue
Hayden 13850cda1f
security: multiple reported CVE fixes (#1515) 
* update out of date license

* update typing / refactor

* fix arbitrarty path injection

* use markdown sanatizer to prevent XSS CWE-79

* fix CWE-918 SSRF by validating url and mime type

* add security docs

* update recipe-scrapers

* resolve DOS from arbitrary url

* update changelog

* bump version

* add ref to #1506

* add #1511 to changelog

* use requests decoder

* actually fix encoding issue
2022-07-31 13:10:20 -08:00

66 lines
1.7 KiB
Vue
Raw Blame History

<template>
<div v-if="value.length > 0 || edit" class="mt-8">
<h2 class="my-4">{{ $t("recipe.note") }}</h2>
<div v-for="(note, index) in value" :key="'note' + index" class="mt-1">
<v-card v-if="edit">
<v-card-text>
<div class="d-flex align-center">
<v-text-field v-model="value[index]['title']" :label="$t('recipe.title')" />
<v-btn icon class="mr-2" elevation="0" @click="removeByIndex(value, index)">
<v-icon>{{ $globals.icons.delete }}</v-icon>
</v-btn>
</div>
<v-textarea v-model="value[index]['text']" auto-grow :placeholder="$t('recipe.note')" />
</v-card-text>
</v-card>
<div v-else>
<v-card-title class="text-subtitle-1 font-weight-medium py-1">
{{ note.title }}
</v-card-title>
<v-card-text>
<SafeMarkdown :source="note.text" />
</v-card-text>
</div>
</div>
<div v-if="edit" class="d-flex justify-end">
<BaseButton class="ml-auto my-2" @click="addNote"> {{ $t("general.new") }}</BaseButton>
</div>
</div>
</template>
<script lang="ts">
import { defineComponent } from "@nuxtjs/composition-api";
import { RecipeNote } from "~/types/api-types/recipe";
export default defineComponent({
props: {
value: {
type: Array as () => RecipeNote[],
required: true,
},
edit: {
type: Boolean,
default: true,
},
},
setup(props) {
function addNote() {
props.value.push({ title: "", text: "" });
}
function removeByIndex(list: unknown[], index: number) {
list.splice(index, 1);
}
return {
addNote,
removeByIndex,
};
},
});
</script>
<style></style>
Reference in New Issue View Git Blame Copy Permalink