Merge pull request #4525 from GabrielInTheWorld/correct-rendering-text
Sanitizing the inner html text.
commit
5c0be51c7e
@ -6,7 +6,7 @@
|
||||
|
||||
<ng-container class="meta-text-block-content">
|
||||
<ng-container *ngIf="!isCommentEdited(section)">
|
||||
<div *ngIf="comments[section.id]" [innerHTML]="comments[section.id].comment"></div>
|
||||
<div *ngIf="comments[section.id]" [innerHTML]="sanitizeText(comments[section.id].comment)"></div>
|
||||
<div class="no-content" *ngIf="!comments[section.id] || !comments[section.id].comment" translate>
|
||||
No comment
|
||||
</div>
|
||||
|
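Review bot: Calling `sanitizeText(...)` inside the `[innerHTML]` binding runs the method on every change-detection pass. Because it returns a new `SafeHtml` wrapper each time, the binding probably never compares equal to its previous value, so the element's HTML may be rewritten on each pass. The same pattern appears in the personal note template and, as `sanitizedText(motion.reason)`, in the motion detail template. A pure pipe, or a value computed once when the comment changes, would avoid the repeated work and give one place to review how the HTML is treated.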
@ -1,6 +1,6 @@
|
||||
import { Component, Input } from '@angular/core';
|
||||
import { MatSnackBar } from '@angular/material';
|
||||
import { Title } from '@angular/platform-browser';
|
||||
import { Title, DomSanitizer, SafeHtml } from '@angular/platform-browser';
|
||||
import { FormGroup, FormBuilder } from '@angular/forms';
|
||||
|
||||
import { TranslateService } from '@ngx-translate/core';
|
||||
@ -65,6 +65,7 @@ export class MotionCommentsComponent extends BaseViewComponent {
|
||||
* @param formBuilder Form builder to handle text editing
|
||||
* @param operator service to get the sections
|
||||
* @param pdfService service to export a comment section to pdf
|
||||
* @param sanitizer to sanitize the inner html text
|
||||
* @param titleService set the browser title
|
||||
* @param translate the translation service
|
||||
* @param matSnackBar showing errors and information
|
||||
@ -74,6 +75,7 @@ export class MotionCommentsComponent extends BaseViewComponent {
|
||||
private formBuilder: FormBuilder,
|
||||
private operator: OperatorService,
|
||||
private pdfService: MotionPdfExportService,
|
||||
private sanitizer: DomSanitizer,
|
||||
titleService: Title,
|
||||
translate: TranslateService,
|
||||
matSnackBar: MatSnackBar
|
||||
@ -187,4 +189,15 @@ export class MotionCommentsComponent extends BaseViewComponent {
|
||||
public pdfExportSection(section: ViewMotionCommentSection): void {
|
||||
this.pdfService.exportComment(section, this.motion);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sanitize the text to be safe.
|
||||
*
|
||||
* @param text to be sanitized.
|
||||
*
|
||||
* @returns SafeHtml
|
||||
*/
|
||||
public sanitizeText(text: string): SafeHtml {
|
||||
return this.sanitizer.bypassSecurityTrustHtml(text);
|
||||
}
|
||||
}
|
||||
|
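Review bot: `sanitizeText` does not sanitize anything: `bypassSecurityTrustHtml` marks the string as trusted and switches off the sanitization Angular otherwise applies to an `[innerHTML]` binding, so comment HTML now reaches the DOM exactly as stored. The same method is added to `PersonalNoteComponent` further down. If the aim was to keep markup that the built-in sanitizer strips (an inference, the commit does not say so), the text has to be cleaned against an allowlist before it is trusted, either server-side or here. Otherwise `return this.sanitizer.sanitize(SecurityContext.HTML, text);` with a `string | null` return type, or simply binding the raw string, keeps Angular's protection. At minimum the name and doc comment should state what happens, e.g. `* Marks the text as trusted HTML and bypasses Angular's sanitizer; callers must pass already-sanitized content.`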
@ -653,7 +653,7 @@
|
||||
>
|
||||
<span translate>Reason</span> <span *ngIf="reasonRequired && editMotion">*</span>
|
||||
</h3>
|
||||
<div class="motion-text" *ngIf="!editMotion"><div [innerHtml]="motion.reason"></div></div>
|
||||
<div class="motion-text" *ngIf="!editMotion"><div [innerHtml]="sanitizedText(motion.reason)"></div></div>
|
||||
|
||||
<!-- The HTML Editor -->
|
||||
<editor formControlName="reason" [init]="tinyMceSettings" *ngIf="editMotion" required></editor>
|
||||
|
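Review bot: This binding calls `sanitizedText(...)`, while the helper added to the other two components in this commit is named `sanitizeText`, and none of the `MotionDetailComponent` lines shown on this page define either one. Presumably `sanitizedText` already exists in the component outside the visible hunks; that is worth confirming, since depending on the build's template checks a missing method may only surface at runtime. If it wraps `bypassSecurityTrustHtml` like the others, `motion.reason` is rendered without Angular's sanitization and must be sanitized before it is stored or displayed.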
@ -1480,7 +1480,7 @@ export class MotionDetailComponent extends BaseViewComponent implements OnInit,
|
||||
* @returns the target to navigate to
|
||||
*/
|
||||
public getPrevUrl(): string {
|
||||
if (this.motion.parent_id) {
|
||||
if (this.motion && this.motion.parent_id) {
|
||||
return `../../${this.motion.parent_id}`;
|
||||
}
|
||||
return '../..';
|
||||
|
@ -5,7 +5,7 @@
|
||||
|
||||
<ng-container class="meta-text-block-content">
|
||||
<ng-container *ngIf="!isEditMode">
|
||||
<div *ngIf="motion && motion.personalNote" [innerHTML]="motion.personalNote.note"></div>
|
||||
<div *ngIf="motion && motion.personalNote" [innerHTML]="sanitizeText(motion.personalNote.note)"></div>
|
||||
<div class="no-content" *ngIf="!motion || !motion.personalNote" translate>
|
||||
No personal note
|
||||
</div>
|
||||
|
@ -1,6 +1,6 @@
|
||||
import { Component, Input } from '@angular/core';
|
||||
import { FormBuilder, FormGroup } from '@angular/forms';
|
||||
import { Title } from '@angular/platform-browser';
|
||||
import { Title, SafeHtml, DomSanitizer } from '@angular/platform-browser';
|
||||
|
||||
import { TranslateService } from '@ngx-translate/core';
|
||||
|
||||
@ -41,13 +41,15 @@ export class PersonalNoteComponent extends BaseComponent {
|
||||
* @param personalNoteService
|
||||
* @param formBuilder
|
||||
* @param pdfService
|
||||
* @param sanitizer
|
||||
*/
|
||||
public constructor(
|
||||
title: Title,
|
||||
translate: TranslateService,
|
||||
private personalNoteService: PersonalNoteService,
|
||||
formBuilder: FormBuilder,
|
||||
private pdfService: MotionPdfExportService
|
||||
private pdfService: MotionPdfExportService,
|
||||
private sanitizer: DomSanitizer
|
||||
) {
|
||||
super(title, translate);
|
||||
this.personalNoteForm = formBuilder.group({
|
||||
@ -94,4 +96,15 @@ export class PersonalNoteComponent extends BaseComponent {
|
||||
public printPersonalNote(): void {
|
||||
this.pdfService.exportPersonalNote(this.motion.personalNote, this.motion);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sanitize the text to be safe.
|
||||
*
|
||||
* @param text to be sanitized.
|
||||
*
|
||||
* @returns SafeHtml
|
||||
*/
|
||||
public sanitizeText(text: string): SafeHtml {
|
||||
return this.sanitizer.bypassSecurityTrustHtml(text);
|
||||
}
|
||||
}
|
||||
|