security: multiple reported CVE fixes (#1515)

* update out of date license * update typing / refactor * fix arbitrarty path injection * use markdown sanatizer to prevent XSS CWE-79 * fix CWE-918 SSRF by validating url and mime type * add security docs * update recipe-scrapers * resolve DOS from arbitrary url * update changelog * bump version * add ref to #1506 * add #1511 to changelog * use requests decoder * actually fix encoding issue
2025-10-31 10:13:32 -04:00 · 2022-07-31 13:10:20 -08:00
parent 483f789b8e
commit 13850cda1f
23 changed files with 401 additions and 118 deletions
--- a/frontend/components/global/MarkdownEditor.vue
+++ b/frontend/components/global/MarkdownEditor.vue
@@ -22,21 +22,15 @@
      dense
      rows="4"
    />
-    <VueMarkdown v-else :source="value" />
+    <SafeMarkdown v-else :source="value" />
  </div>
 </template>

 <script lang="ts">
-// @ts-ignore vue-markdown has no types
-import VueMarkdown from "@adapttive/vue-markdown";
-
 import { defineComponent, computed, ref } from "@nuxtjs/composition-api";

 export default defineComponent({
  name: "MarkdownEditor",
-  components: {
-    VueMarkdown,
-  },
  props: {
    value: {
      type: String,