security: multiple reported CVE fixes (#1515)

* update out of date license * update typing / refactor * fix arbitrarty path injection * use markdown sanatizer to prevent XSS CWE-79 * fix CWE-918 SSRF by validating url and mime type * add security docs * update recipe-scrapers * resolve DOS from arbitrary url * update changelog * bump version * add ref to #1506 * add #1511 to changelog * use requests decoder * actually fix encoding issue
2025-10-30 09:43:43 -04:00 · 2022-07-31 13:10:20 -08:00
parent 483f789b8e
commit 13850cda1f
23 changed files with 401 additions and 118 deletions
--- a/frontend/components/Domain/Recipe/RecipeNotes.vue
+++ b/frontend/components/Domain/Recipe/RecipeNotes.vue
@@ -18,7 +18,7 @@
          {{ note.title }}
        </v-card-title>
        <v-card-text>
-          <VueMarkdown :source="note.text"> </VueMarkdown>
+          <SafeMarkdown :source="note.text" />
        </v-card-text>
      </div>
    </div>
@@ -30,15 +30,10 @@
 </template>

 <script lang="ts">
-// @ts-ignore vue-markdown has no types
-import VueMarkdown from "@adapttive/vue-markdown";
 import { defineComponent } from "@nuxtjs/composition-api";
 import { RecipeNote } from "~/types/api-types/recipe";

 export default defineComponent({
-  components: {
-    VueMarkdown,
-  },
  props: {
    value: {
      type: Array as () => RecipeNote[],