web icon indicating copy to clipboard operation
web copied to clipboard

Published 20 hours ago verified publisher icon OCA

[17.0][FIX] web_timeline: Enable XSS protection

Open etobella opened this issue 9 months ago • 3 comments

XSS protection was disabled on this widget. It shouldn't happen.... vis-timeline was complaining about it...

A warning was raised:

You disabled XSS protection for vis-Timeline. I sure hope you know what you\'re doing!

etobella avatar Feb 16 '25 10:02 etobella

Hi @tarteo, some modules you are maintaining are being modified, check this out!

OCA-git-bot avatar Feb 16 '25 10:02 OCA-git-bot

I had the same view when using it and without using it :thinking:

I don't know, but warnings were raised for this reason

etobella avatar Feb 17 '25 09:02 etobella

Can you please try this modification using project_timeline_hr_timesheet? The problem was <div t-attf-class="o_project_timeline_hr_timesheet_progress"> didn't show that class, and the same for t-attf-class="text-white {{ record.remaining_hours &lt; 0 ? 'bg-danger ' : 'bg-success '}}

pedrobaeza avatar Feb 17 '25 22:02 pedrobaeza

@etobella please see this PR https://github.com/OCA/web/pull/3169

carlos-lopez-tecnativa avatar May 12 '25 15:05 carlos-lopez-tecnativa

Thanks @carlos-lopez-tecnativa Obviously your is more clean than my solution

etobella avatar Jul 24 '25 04:07 etobella