Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

<b-card>: "Tag" is displayed without escape in header, titlle and footer.

See original GitHub issue

Hello,

“Tag” is displayed without escape in b-card’s header, titlle and footer. “script-tag” is rejected. But “img-tag” can cause alert. Is this correct specification?

OS: macOS Mojave 10.14.1
vue: 2.5.17
nuxt: 2.3.4
bootstrap-vue: vue-2.0.0-rc.11

<template>
    <b-card :header="text1"
            :title="text1"
            :footer="text1">
        <h1>{{ text1 }}</h1>
        <b-form-input v-model="text1"></b-form-input>
    </b-card>
</template>

<script>
export default {
    data: function() {
        return {
            text1: 'hoge'
        }
    }
}
</script>

b-vue_xss

Issue Analytics

State:
Created 5 years ago
Reactions:1
Comments:14 (9 by maintainers)

Top GitHub Comments

2reactions

tmorehousecommented, Dec 12, 2018

For things like b-form-select, b-form-radio-group and b-form-checkbox-group, the option to use HTML in the options array is important to many users. What we could do for those three components is default to rendering the option text as text, and then add an option to the component to enable rendering the text as html instead (i.e. an options-html boolean prop).

2reactions

4dn-osscommented, Dec 12, 2018

HTML tags are available for the following properties:

component	properties
b-card	`header`, `title`, `sub-title`, `footer`
b-carousel	`caption`, `text`
b-checkbox-group	`text` of `options` array element
~b-form-group~	~`label`, `description`, `feedback`, `valid-feedback`, `invalid-feedback`~
b-form-radio-group	`text` of `options` array element
b-input-group	`prepend`, `append`
b-navitem-dropdown	`text`
b-pagination	`first-text`, `prev-text`, `ellipsis-text`, `next-text`, `last-text`
b-pagination-nav	`first-text`, `prev-text`, `ellipsis-text`, `next-text`, `last-text`, return value of `page-gen`’s function
b-table	`caption`, `empty-text`, `empty-filtered-text`, `label` of `fields` array element

HTML tags are not available for the following properties:

component	properties
b-dropdown	`text`
b-form-file	`placeholder`
b-form-input	`placeholder`
b-form-select	`text` of `options` array element
b-form-textarea	`placeholder`
b-jumbotron	`header`, `lead`
b-modal	`title`, `ok-title`, `cancel-title`
b-popover	`title`, `content`
b-table	key and value of `items` array element
b-tab	`title`
b-tooltip	`title`

I have examined all the way, but there may be some missing.

Top Results From Across the Web

How to align left and right text mat-card-header in angular 4?

Save this question. Show activity on this post. I need to align the text content in the header on left and right side...

Modal | Components - BootstrapVue

When a title (or titleHtml ) is provided in the options, the header close button is not shown by default. You can enable...

Card component — Vuetify

The v-card component is a versatile component that can be used for anything from a panel to a static image. The card component...

Add the file name, date, author or other document properties ...

Note: Select Document Property to select additional information, such as Title, Company, or Subject. Select Close Header and Footer or press Esc to...

Offcanvas · Bootstrap v5.0

Below is an offcanvas example that is shown by default (via .show on .offcanvas ). Offcanvas includes support for a header with a...