3pp-mirror/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-06-19 00:31:41 +02:00
Code Issues Projects Releases Packages Wiki Activity

🐛 Sanitize inputs for variant property names and values (#6532)

Browse source
This commit is contained in:
luisδμ 2025-05-23 12:08:39 +02:00 committed by GitHub
parent 44829ff1ae
commit a9173f672d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
frontend/src/app/main/ui/workspace/sidebar/options/menus/component.cljs
View file

@ -286,7 +286,8 @@
(mf/use-fn (mf/use-fn
(mf/deps component-ids) (mf/deps component-ids)
(fn [pos value] (fn [pos value]
(let [value (if (= value empty-indicator) "" value)] (let [value (str/trim value)
value (if (= value empty-indicator) "" value)]
(doseq [id component-ids] (doseq [id component-ids]
(st/emit! (dwv/update-property-value id pos value)) (st/emit! (dwv/update-property-value id pos value))
(st/emit! (dwv/update-error id nil)))))) (st/emit! (dwv/update-error id nil))))))
@ -295,11 +296,12 @@
(mf/use-fn (mf/use-fn
(mf/deps variant-id) (mf/deps variant-id)
(fn [event] (fn [event]
(let [value (dom/get-target-val event) (let [value (str/trim (dom/get-target-val event))
pos (-> (dom/get-current-target event) pos (-> (dom/get-current-target event)
(dom/get-data "position") (dom/get-data "position")
int)] int)]
(st/emit! (dwv/update-property-name variant-id pos value)))))] (when (seq value)
(st/emit! (dwv/update-property-name variant-id pos value))))))]
[:* [:*
[:div {:class (stl/css :variant-property-list)} [:div {:class (stl/css :variant-property-list)}