Vulnerable dependencies upgraded: - Backend: league/commonmark >=2.8.2 (HTML injection bypass), phpunit/phpunit >=11.5.50, laravel/tinker (psysh LPE) - Frontend: axios 1.13→1.15 (SSRF + metadata exfiltration), @casl/ability updated (prototype pollution) - Removed swiper from all 3 apps (prototype pollution CVE, only used in Vuexy demo pages) XSS vectors removed: - Deleted Vuexy demo pages with v-html rendering API data: help-center/article, academy/course-details - Deleted all front-pages (landing, pricing, checkout, payment) — Vuexy marketing template, not Crewli business logic - Deleted swiper demo components and views - Fixed admin main.ts: replaced the innerHTML assignment built from a template literal with safe DOM construction using textContent Cookie security: - Added SameSite=Strict and Secure flags to admin cookie defaults Cleanup: - Removed swiper SCSS from all 3 apps - Removed swiper custom element config from all 3 vite configs - Portal localStorage cleanup verified: reset() clears all keys, called on both explicit logout and 401 interceptor Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
import { createApp } from 'vue'
import { VueQueryPlugin } from '@tanstack/vue-query'
import { queryClientConfig } from '@/lib/query-client'
import App from '@/App.vue'
import { registerPlugins } from '@core/utils/plugins'
// Styles
import '@core/scss/template/index.scss'
import '@styles/styles.scss'
// Instantiate the root Vue application from the top-level App component
const app = createApp(App)

// Application-wide handler for otherwise unhandled errors: logs the error with
// the info value Vue passes along, then the component instance it was raised in.
// Output goes to the browser console only; nothing is rendered into the page here.
app.config.errorHandler = (error, component, origin) => {
  console.error('Vue Error:', error, origin)
  console.error('Component:', component)
}
// Install vue-query with the shared query client configuration
app.use(VueQueryPlugin, queryClientConfig)

// Install the remaining plugins through registerPlugins. A failure is logged for
// context and then rethrown, so startup stops instead of continuing with a
// partially configured app.
try {
  registerPlugins(app)
} catch (pluginError) {
  console.error('Failed to register plugins:', pluginError)
  throw pluginError
}
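// Mount vue app
try {
  app.mount('#app')
} catch (error) {
  console.error('Failed to mount app:', error)

  // Fallback error screen shown when mounting fails.
  // Every node is created with createElement and filled through textContent, so
  // the error text is rendered as inert text and is never parsed as HTML.
  const wrapper = document.createElement('div')
  wrapper.style.cssText = 'padding: 20px; text-align: center;'

  const heading = document.createElement('h1')
  heading.textContent = 'Application Error'

  const message = document.createElement('p')
  message.textContent = 'Failed to start the application. Please check the console for details.'

  // NOTE(review): the raw error string is displayed to the end user. textContent
  // prevents it from being interpreted as markup, but the text itself may reveal
  // internal detail; consider showing it only in development builds.
  const details = document.createElement('pre')
  details.style.cssText = 'text-align: left; background: #f5f5f5; padding: 10px; border-radius: 4px; overflow: auto;'
  details.textContent = String(error)

  wrapper.append(heading, message, details)

  // Look the container up without a non-null assertion: if #app is missing, a
  // null dereference here would throw inside the error path and hide the
  // original failure, so fall back to appending to <body>.
  const host = document.getElementById('app')
  if (host) {
    // Clearing through textContent removes all children without any innerHTML
    // assignment, which also keeps this path working if Trusted Types are enforced.
    host.textContent = ''
    host.appendChild(wrapper)
  } else {
    document.body.appendChild(wrapper)
  }
}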