Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

HTML encode notifications sent by non-admins to prevent HTML injection

Browse Source
This commit is contained in:
sbwalker
2023-12-13 10:07:21 -05:00
parent ac701f28b5
commit 6621983a9c
7 changed files with 28 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Oqtane.Client/UI/ThemeBuilder.razor
View File

@ -88,8 +88,8 @@
protected override async Task OnAfterRenderAsync(bool firstRender)
{
// force user to provide email address (email may be missing if using external login)
if (PageState.User != null && string.IsNullOrEmpty(PageState.User.Email) && PageState.Route.PagePath != "profile")
// force authenticated user to provide email address (email may be missing if using external login)
if (PageState.User != null && PageState.User.IsAuthenticated && string.IsNullOrEmpty(PageState.User.Email) && PageState.Route.PagePath != "profile")
{
NavigationManager.NavigateTo(Utilities.NavigateUrl(PageState.Alias.Path, "profile", "returnurl=" + WebUtility.UrlEncode(PageState.Route.PathAndQuery)));
return;