Merge pull request #4 from hthienloc/main

nhktmdzhg · web-flow · commit f04ec2651ed8 · 2026-04-10T00:43:48.000Z
Pin GitHub Actions, update dependencies, and sanitize v-html output
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -19,10 +19,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 🛎️ Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: 🥟 Setup Bun
-        uses: oven-sh/setup-bun@v2
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.0.1
         with:
           bun-version: latest
 
@@ -33,7 +33,7 @@ jobs:
         run: bun run build
 
       - name: 📁 Upload Pages artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
         with:
           path: ./dist
 
@@ -48,4 +48,4 @@ jobs:
     steps:
       - name: 🚀 Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v4
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
diff --git a/bun.lock b/bun.lock
diff --git a/package.json b/package.json
@@ -12,13 +12,15 @@
   },
   "dependencies": {
     "@element-plus/icons-vue": "^2.3.2",
+    "dompurify": "^3.3.3",
     "element-plus": "^2.13.5",
     "oh-vue-icons": "^1.0.0-rc3",
     "vue": "^3.5.29",
     "vue-router": "4"
   },
   "devDependencies": {
     "@tsconfig/node24": "^24.0.4",
+    "@types/dompurify": "^3.2.0",
     "@types/node": "^24.11.0",
     "@vitejs/plugin-vue": "^6.0.4",
     "@vue/tsconfig": "^0.9.0",
@@ -32,6 +34,8 @@
     "vue-tsc": "^3.2.5"
   },
   "overrides": {
+    "lodash": "^4.18.1",
+    "lodash-es": "^4.18.1",
     "unimport": "latest",
     "strip-literal": "latest"
   },
diff --git a/src/components/InteractiveInstaller.vue b/src/components/InteractiveInstaller.vue
@@ -2,6 +2,7 @@
 import { ref, computed } from 'vue';
 import { DocumentCopy } from '@element-plus/icons-vue';
 import { ElMessage } from 'element-plus';
+import DOMPurify from 'dompurify';
 import {
   distros,
   methods,
@@ -21,6 +22,8 @@ const selectedDe = ref<string>(deWms[0] || '');
 const selectedEnv = ref<string>(environments[1] || '');
 const selectedInit = ref<string>(initSystems[0] || 'systemd');
 
+const sanitize = (html: string) => DOMPurify.sanitize(html);
+
 const activateServerCode = computed(() => {
   if (selectedDistro.value === 'NixOS')
     return '# Bước này đã được cấu hình trong flake.nix ở trên.';
@@ -346,7 +349,7 @@ const chromiumWaylandFlags =
               <li
                 v-for="(step, idx) in fcitx5Config.steps"
                 :key="idx"
-                v-html="step"
+                v-html="sanitize(step)"
               ></li>
             </ul>
           </div>
@@ -398,7 +401,7 @@ const chromiumWaylandFlags =
                       <li
                         v-for="(point, idx) in waylandDeSpecific.best_setup"
                         :key="idx"
-                        v-html="point"
+                        v-html="sanitize(point)"
                       ></li>
                     </ul>
                   </div>
