Use v-safe-html in project_list_item.vue

Changelog: security

Use v-safe-html in project_list_item.vue
Changelog: security
14c07dd9 · Fall1ngStar · 0f316f43 · 14c07dd9
Commit 14c07dd9 authored Sep 20, 2021 by Fall1ngStar
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

app/assets/javascripts/vue_shared/components/project_selector/project_list_item.vue ..._shared/components/project_selector/project_list_item.vue +3 -2

No files found.
--- a/app/assets/javascripts/vue_shared/components/project_selector/project_list_item.vue
+++ b/app/assets/javascripts/vue_shared/components/project_selector/project_list_item.vue
 <script>
-import { GlButton, GlIcon } from '@gitlab/ui';
+import { GlButton, GlIcon, GlSafeHtmlDirective as SafeHtml } from '@gitlab/ui';
 import { isString } from 'lodash';
 import highlight from '~/lib/utils/highlight';
 import { truncateNamespace } from '~/lib/utils/text_utility';
@@ -8,6 +8,7 @@ import ProjectAvatar from '~/vue_shared/components/deprecated_project_avatar/def
 export default {
  name: 'ProjectListItem',
  components: { GlIcon, ProjectAvatar, GlButton },
+  directives: { SafeHtml },
  props: {
    project: {
      type: Object,
@@ -58,9 +59,9 @@ export default {
        <span v-if="truncatedNamespace" class="text-secondary">/&nbsp;</span>
      </div>
      <div
+        v-safe-html="highlightedProjectName"
        :title="project.name"
        class="js-project-name text-truncate"
-        v-html="highlightedProjectName /* eslint-disable-line vue/no-v-html */"
      ></div>
    </div>
  </gl-button>