Sanitizing the inner html text.

GabrielMeyer 2019-03-21 17:39:57 +01:00
parent 0527b814bc
commit fca92ef9e2
6 changed files with 33 additions and 7 deletions


@ -6,7 +6,7 @@
<ng-container class="meta-text-block-content">
<ng-container *ngIf="!isCommentEdited(section)">
<div *ngIf="comments[section.id]" [innerHTML]="comments[section.id].comment"></div>
<div *ngIf="comments[section.id]" [innerHTML]="sanitizeText(comments[section.id].comment)"></div>
<div class="no-content" *ngIf="!comments[section.id] || !comments[section.id].comment" translate>
No comment
</div>


@ -1,6 +1,6 @@
import { Component, Input } from '@angular/core';
import { MatSnackBar } from '@angular/material';
import { Title } from '@angular/platform-browser';
import { Title, DomSanitizer, SafeHtml } from '@angular/platform-browser';
import { FormGroup, FormBuilder } from '@angular/forms';
import { TranslateService } from '@ngx-translate/core';
@ -65,6 +65,7 @@ export class MotionCommentsComponent extends BaseViewComponent {
* @param formBuilder Form builder to handle text editing
* @param operator service to get the sections
* @param pdfService service to export a comment section to pdf
* @param sanitizer to sanitize the inner html text
* @param titleService set the browser title
* @param translate the translation service
* @param matSnackBar showing errors and information
@ -74,6 +75,7 @@ export class MotionCommentsComponent extends BaseViewComponent {
private formBuilder: FormBuilder,
private operator: OperatorService,
private pdfService: MotionPdfExportService,
private sanitizer: DomSanitizer,
titleService: Title,
translate: TranslateService,
matSnackBar: MatSnackBar
@ -187,4 +189,15 @@ export class MotionCommentsComponent extends BaseViewComponent {
public pdfExportSection(section: ViewMotionCommentSection): void {
this.pdfService.exportComment(section, this.motion);
}
/**
* Sanitize the text to be safe.
*
* @param text to be sanitized.
*
* @returns SafeHtml
*/
public sanitizeText(text: string): SafeHtml {
return this.sanitizer.bypassSecurityTrustHtml(text);
}
}
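Review bot: `sanitizeText` does the opposite of what its name, its TSDoc and the commit title claim: `DomSanitizer.bypassSecurityTrustHtml` marks the value as trusted and switches Angular's HTML sanitization off for that binding, so any markup stored in the comment is rendered verbatim, whereas the plain `[innerHTML]="comments[section.id].comment"` binding being replaced was already run through Angular's sanitizer. If the goal really is sanitizing, the body should be `return this.sanitizer.sanitize(SecurityContext.HTML, text);` with `SecurityContext` imported from `@angular/core` and the return type changed to `string | null`; if the goal is to render HTML that is trusted because it was cleaned elsewhere, the method should be named accordingly (e.g. `trustHtml`) and the TSDoc should say where that cleaning happens. The identical method added to PersonalNoteComponent in the last hunk of this commit has the same problem.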


@ -653,7 +653,7 @@
>
<span translate>Reason</span>&nbsp;<span *ngIf="reasonRequired && editMotion">*</span>
</h3>
<div class="motion-text" *ngIf="!editMotion"><div [innerHtml]="motion.reason"></div></div>
<div class="motion-text" *ngIf="!editMotion"><div [innerHtml]="sanitizedText(motion.reason)"></div></div>
<!-- The HTML Editor -->
<editor formControlName="reason" [init]="tinyMceSettings" *ngIf="editMotion" required></editor>
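Review bot: The template now calls `sanitizedText(motion.reason)`, but the methods added elsewhere in this commit are named `sanitizeText`, and the only change to the component class in this commit is the `getPrevUrl` guard (the diffstat leaves no room for a new method there), so unless `sanitizedText` already exists on MotionDetailComponent this binding fails when the reason is rendered. Either rename the call to match the other components, `[innerHtml]="sanitizeText(motion.reason)"`, and add the method to MotionDetailComponent, or drop the wrapper and keep the original sanitized binding. The surrounding element's `*ngIf` starts on this line but the enclosing form continues outside the hunk.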


@ -1480,7 +1480,7 @@ export class MotionDetailComponent extends BaseViewComponent implements OnInit,
* @returns the target to navigate to
*/
public getPrevUrl(): string {
if (this.motion.parent_id) {
if (this.motion && this.motion.parent_id) {
return `../../${this.motion.parent_id}`;
}
return '../..';


@ -5,7 +5,7 @@
<ng-container class="meta-text-block-content">
<ng-container *ngIf="!isEditMode">
<div *ngIf="motion && motion.personalNote" [innerHTML]="motion.personalNote.note"></div>
<div *ngIf="motion && motion.personalNote" [innerHTML]="sanitizeText(motion.personalNote.note)"></div>
<div class="no-content" *ngIf="!motion || !motion.personalNote" translate>
No personal note
</div>


@ -1,6 +1,6 @@
import { Component, Input } from '@angular/core';
import { FormBuilder, FormGroup } from '@angular/forms';
import { Title } from '@angular/platform-browser';
import { Title, SafeHtml, DomSanitizer } from '@angular/platform-browser';
import { TranslateService } from '@ngx-translate/core';
@ -41,13 +41,15 @@ export class PersonalNoteComponent extends BaseComponent {
* @param personalNoteService
* @param formBuilder
* @param pdfService
* @param sanitizer
*/
public constructor(
title: Title,
translate: TranslateService,
private personalNoteService: PersonalNoteService,
formBuilder: FormBuilder,
private pdfService: MotionPdfExportService
private pdfService: MotionPdfExportService,
private sanitizer: DomSanitizer
) {
super(title, translate);
this.personalNoteForm = formBuilder.group({
@ -94,4 +96,15 @@ export class PersonalNoteComponent extends BaseComponent {
public printPersonalNote(): void {
this.pdfService.exportPersonalNote(this.motion.personalNote, this.motion);
}
/**
* Sanitize the text to be safe.
*
* @param text to be sanitized.
*
* @returns SafeHtml
*/
public sanitizeText(text: string): SafeHtml {
return this.sanitizer.bypassSecurityTrustHtml(text);
}
}