diff --git a/app/Http/Controllers/GroupController.php b/app/Http/Controllers/GroupController.php
index ca28014d0..ee5384350 100644
--- a/app/Http/Controllers/GroupController.php
+++ b/app/Http/Controllers/GroupController.php
@@ -376,7 +376,7 @@ public function postSendInvite(Request $request): RedirectResponse
 // Don't log to Sentry - legitimate user error.
 return redirect()->back()->with('warning', __('groups.invite_success_apart_from', [
- 'emails' => rtrim(implode(', ', $not_sent))
+ 'emails' => e(rtrim(implode(', ', $not_sent)))
 ]));
 }
diff --git a/app/Http/Controllers/PartyController.php b/app/Http/Controllers/PartyController.php
index 3dce9bd2b..1e884a51b 100644
--- a/app/Http/Controllers/PartyController.php
+++ b/app/Http/Controllers/PartyController.php
@@ -704,7 +704,7 @@ public function postSendInvite(Request $request): RedirectResponse
 // Don't log to Sentry - legitimate user error.
 return redirect()->back()->with('warning', __('events.invite_invalid_emails', [
- 'emails' => implode(', ', $not_sent)
+ 'emails' => e(implode(', ', $not_sent))
 ]));
 }
diff --git a/app/Models/Alert.php b/app/Models/Alert.php
index d4c15b695..9ad283465 100644
--- a/app/Models/Alert.php
+++ b/app/Models/Alert.php
@@ -8,6 +8,7 @@
 use Illuminate\Support\Facades\Lang;
 use Illuminate\Support\Facades\Log;
 use OwenIt\Auditing\Contracts\Auditable;
+use Stevebauman\Purify\Facades\Purify;
 class Alert extends Model implements Auditable
 {
@@ -32,4 +33,9 @@ class Alert extends Model implements Auditable
 'end',
 'variant'
 ];
+ public function setHtmlAttribute($value)
+ {
+ $this->attributes['html'] = $value === null ? null : Purify::clean((string) $value);
+ }
 }
diff --git a/config/purify.php b/config/purify.php
index e9b68556f..61fdc2ef4 100644
--- a/config/purify.php
+++ b/config/purify.php
@@ -49,6 +49,7 @@
 'http' => true,
 'https' => true,
 'mailto' => true,
+ 'tel' => true,
 ],
 'AutoFormat.AutoParagraph' => false,
 'AutoFormat.RemoveEmpty' => false,
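Review bot: Wrapping the imploded `$not_sent` list in `e()` inside the controller only works if the `warning` flash is rendered unescaped in the view; if that view, or any other consumer of the same translation key, prints it with `{{ }}`, the user-submitted addresses now come out double-encoded (`&amp;`, `&lt;`). The same applies to the PartyController hunk at line 704. Either move the escape to the unescaped output site or record the contract next to the `with('warning', ...)` call with a comment such as `// $not_sent echoes form input; the warning flash is rendered unescaped, so it is escaped here (confirm against the view).` Separately, the GroupController variant keeps `rtrim()` around `implode(', ', $not_sent)`, which has nothing to trim unless an address itself ends in whitespace, while PartyController omits it; the two should agree. postSendInvite begins and ends outside the hunk in both files.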
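Review bot: `setHtmlAttribute` purifies only values assigned after this change; rows whose `html` was stored earlier keep whatever markup they already hold, so unless a backfill exists outside this diff the existing content still needs a one-off re-save through the mutator or purification at render time as well. The mutator is also untyped while the controllers in this diff declare types (`postSendInvite(Request $request): RedirectResponse`); if only strings or null are ever assigned, `public function setHtmlAttribute(?string $value): void` makes that explicit, otherwise keep the `(string)` cast and say why in a comment. A one-line docblock should state that `html` is stored only after passing through Purify with the `config/purify.php` profile (which this commit extends with the `tel` scheme), so the allow-list and the mutator are maintained together. The `Purify` facade import is added in the first hunk of this file, and the class header sits between the two hunks.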
diff --git a/package-lock.json b/package-lock.json index d8a72208d..5f719bc77 100644 --- a/package-lock.json +++ b/package-lock.json @@ -62,7 +62,7 @@ "@playwright/test": "^1.14.1", "@vue/test-utils": "^1.3.6", "@vue/vue2-jest": "^28.1.0", - "axios": "^1.6.4", + "axios": "^1.15.2", "babel-jest": "^28.1.0", "bootstrap": "^4.6.1", "browser-sync": "^2.27.11", @@ -4690,14 +4690,15 @@ } }, "node_modules/axios": { - "version": "1.8.4", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.8.4.tgz", - "integrity": "sha512-eBSYY4Y68NNlHbHBMdeDmKNtDgXWhQsJcGqzO3iLUM0GraQFSS9cVgPX5I9b3lbdFKyYoAEGAZF1DwhTaljNAw==", + "version": "1.15.2", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.2.tgz", + "integrity": "sha512-wLrXxPtcrPTsNlJmKjkPnNPK2Ihe0hn0wGSaTEiHRPxwjvJwT3hKmXF4dpqxmPO9SoNb2FsYXj/xEo0gHN+D5A==", "dev": true, + "license": "MIT", "dependencies": { - "follow-redirects": "^1.15.6", - "form-data": "^4.0.0", - "proxy-from-env": "^1.1.0" + "follow-redirects": "^1.15.11", + "form-data": "^4.0.5", + "proxy-from-env": "^2.1.0" } }, "node_modules/babel-jest": { @@ -7620,6 +7621,22 @@ "node": ">= 0.4" } }, + "node_modules/es-set-tostringtag": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz", + "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==", + "dev": true, + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.6", + "has-tostringtag": "^1.0.2", + "hasown": "^2.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/es6-error": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/es6-error/-/es6-error-4.1.1.tgz", 
@@ -8294,9 +8311,9 @@ "integrity": "sha512-3jkThaKmc6v62mUQwCBcnTsQEGLAxSIQOMK0U3o7tt3MSjNPaBc/lmaDFaJrWnFmV9LM4Jk3w/cROYJgOMJgHA==" }, "node_modules/follow-redirects": { - "version": "1.15.6", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", - "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==", + "version": "1.16.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz", + "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==", "dev": true, "funding": [ { @@ -8304,6 +8321,7 @@ "url": "https://github.com/sponsors/RubenVerborgh" } ], + "license": "MIT", "engines": { "node": ">=4.0" }, @@ -8335,13 +8353,16 @@ } }, "node_modules/form-data": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", - "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz", + "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==", "dev": true, + "license": "MIT", "dependencies": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", + "es-set-tostringtag": "^2.1.0", + "hasown": "^2.0.2", "mime-types": "^2.1.12" }, "engines": { 
@@ -8677,11 +8698,12 @@ } }, "node_modules/has-tostringtag": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.0.tgz", - "integrity": "sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", + "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", + "license": "MIT", "dependencies": { - "has-symbols": "^1.0.2" + "has-symbols": "^1.0.3" }, "engines": { "node": ">= 0.4" @@ -18235,10 +18257,14 @@ } }, "node_modules/proxy-from-env": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", - "dev": true + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz", + "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + } }, "node_modules/pseudomap": { "version": "1.0.2", diff --git a/package.json b/package.json index 54643f4b0..0dbeceadf 100644 --- a/package.json +++ b/package.json @@ -18,11 +18,12 @@ "@playwright/test": "^1.14.1", "@vue/test-utils": "^1.3.6", "@vue/vue2-jest": "^28.1.0", - "axios": "^1.6.4", + "axios": "^1.15.2", "babel-jest": "^28.1.0", "bootstrap": "^4.6.1", "browser-sync": "^2.27.11", "browser-sync-webpack-plugin": "^2.3.0", + "concurrently": "^9.0.1", "faker": "^5.5.3", "jest": "^28.1.0", "jest-environment-jsdom": "^28.1.0", @@ -44,7 +45,6 @@ "vue": "^2.7.14", "vue-loader": "^15.10.1", "vue-template-compiler": "^2.7.14", - "concurrently": "^9.0.1", "webpack-shell-plugin-next": "^2.3.1" }, "dependencies": { 
diff --git a/resources/js/components/AlertBanner.vue b/resources/js/components/AlertBanner.vue index 16096db68..6bfebcb9c 100644 --- a/resources/js/components/AlertBanner.vue +++ b/resources/js/components/AlertBanner.vue @@ -10,7 +10,7 @@ {{ alert.title }} -
+
@@ -24,6 +24,7 @@