Sanitizing the inner html text.
parent
0527b814bc
commit
fca92ef9e2
@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
<ng-container class="meta-text-block-content">
|
<ng-container class="meta-text-block-content">
|
||||||
<ng-container *ngIf="!isCommentEdited(section)">
|
<ng-container *ngIf="!isCommentEdited(section)">
|
||||||
<div *ngIf="comments[section.id]" [innerHTML]="comments[section.id].comment"></div>
|
<div *ngIf="comments[section.id]" [innerHTML]="sanitizeText(comments[section.id].comment)"></div>
|
||||||
<div class="no-content" *ngIf="!comments[section.id] || !comments[section.id].comment" translate>
|
<div class="no-content" *ngIf="!comments[section.id] || !comments[section.id].comment" translate>
|
||||||
No comment
|
No comment
|
||||||
</div>
|
</div>
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
import { Component, Input } from '@angular/core';
|
import { Component, Input } from '@angular/core';
|
||||||
import { MatSnackBar } from '@angular/material';
|
import { MatSnackBar } from '@angular/material';
|
||||||
import { Title } from '@angular/platform-browser';
|
import { Title, DomSanitizer, SafeHtml } from '@angular/platform-browser';
|
||||||
import { FormGroup, FormBuilder } from '@angular/forms';
|
import { FormGroup, FormBuilder } from '@angular/forms';
|
||||||
|
|
||||||
import { TranslateService } from '@ngx-translate/core';
|
import { TranslateService } from '@ngx-translate/core';
|
||||||
@ -65,6 +65,7 @@ export class MotionCommentsComponent extends BaseViewComponent {
|
|||||||
* @param formBuilder Form builder to handle text editing
|
* @param formBuilder Form builder to handle text editing
|
||||||
* @param operator service to get the sections
|
* @param operator service to get the sections
|
||||||
* @param pdfService service to export a comment section to pdf
|
* @param pdfService service to export a comment section to pdf
|
||||||
|
* @param sanitizer to sanitize the inner html text
|
||||||
* @param titleService set the browser title
|
* @param titleService set the browser title
|
||||||
* @param translate the translation service
|
* @param translate the translation service
|
||||||
* @param matSnackBar showing errors and information
|
* @param matSnackBar showing errors and information
|
||||||
@ -74,6 +75,7 @@ export class MotionCommentsComponent extends BaseViewComponent {
|
|||||||
private formBuilder: FormBuilder,
|
private formBuilder: FormBuilder,
|
||||||
private operator: OperatorService,
|
private operator: OperatorService,
|
||||||
private pdfService: MotionPdfExportService,
|
private pdfService: MotionPdfExportService,
|
||||||
|
private sanitizer: DomSanitizer,
|
||||||
titleService: Title,
|
titleService: Title,
|
||||||
translate: TranslateService,
|
translate: TranslateService,
|
||||||
matSnackBar: MatSnackBar
|
matSnackBar: MatSnackBar
|
||||||
@ -187,4 +189,15 @@ export class MotionCommentsComponent extends BaseViewComponent {
|
|||||||
public pdfExportSection(section: ViewMotionCommentSection): void {
|
public pdfExportSection(section: ViewMotionCommentSection): void {
|
||||||
this.pdfService.exportComment(section, this.motion);
|
this.pdfService.exportComment(section, this.motion);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sanitize the text to be safe.
|
||||||
|
*
|
||||||
|
* @param text to be sanitized.
|
||||||
|
*
|
||||||
|
* @returns SafeHtml
|
||||||
|
*/
|
||||||
|
public sanitizeText(text: string): SafeHtml {
|
||||||
|
return this.sanitizer.bypassSecurityTrustHtml(text);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
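Review bot: `sanitizeText` does not sanitize anything: `bypassSecurityTrustHtml` marks the string as trusted, so the `[innerHTML]` bindings that now call it skip the sanitizing Angular applied to the plain string before this commit. Script-bearing markup that reaches `comments[section.id].comment` would then run in the session of every user who views the comment, unless the server already cleans the HTML, which these hunks do not show. Either keep the binding on the raw string, or sanitize explicitly with `return this.sanitizer.sanitize(SecurityContext.HTML, text);` (importing `SecurityContext` from `@angular/core`, return type `string | null`); if the aim is to keep inline styles that Angular strips, run the HTML through an allow-list sanitizer before trusting it. The same method is added to PersonalNoteComponent further down, and the doc comment `Sanitize the text to be safe.` should at least read `Marks the text as trusted HTML; performs no sanitization.`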
@ -653,7 +653,7 @@
|
|||||||
>
|
>
|
||||||
<span translate>Reason</span> <span *ngIf="reasonRequired && editMotion">*</span>
|
<span translate>Reason</span> <span *ngIf="reasonRequired && editMotion">*</span>
|
||||||
</h3>
|
</h3>
|
||||||
<div class="motion-text" *ngIf="!editMotion"><div [innerHtml]="motion.reason"></div></div>
|
<div class="motion-text" *ngIf="!editMotion"><div [innerHtml]="sanitizedText(motion.reason)"></div></div>
|
||||||
|
|
||||||
<!-- The HTML Editor -->
|
<!-- The HTML Editor -->
|
||||||
<editor formControlName="reason" [init]="tinyMceSettings" *ngIf="editMotion" required></editor>
|
<editor formControlName="reason" [init]="tinyMceSettings" *ngIf="editMotion" required></editor>
|
||||||
|
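Review bot: The new binding calls `sanitizedText(motion.reason)`, while the helper this commit adds to the other two components is named `sanitizeText`, and the MotionDetailComponent hunk shown on this page only touches `getPrevUrl`. If `sanitizedText` is not already defined on MotionDetailComponent outside these hunks, the template will fail to resolve it. If it is defined, check that it does not wrap `bypassSecurityTrustHtml`: `motion.reason` is HTML authored in the editor a few lines below and would then be rendered without Angular's sanitizing. Using one helper name across the three components would avoid this kind of mismatch.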
@ -1480,7 +1480,7 @@ export class MotionDetailComponent extends BaseViewComponent implements OnInit,
|
|||||||
* @returns the target to navigate to
|
* @returns the target to navigate to
|
||||||
*/
|
*/
|
||||||
public getPrevUrl(): string {
|
public getPrevUrl(): string {
|
||||||
if (this.motion.parent_id) {
|
if (this.motion && this.motion.parent_id) {
|
||||||
return `../../${this.motion.parent_id}`;
|
return `../../${this.motion.parent_id}`;
|
||||||
}
|
}
|
||||||
return '../..';
|
return '../..';
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
<ng-container class="meta-text-block-content">
|
<ng-container class="meta-text-block-content">
|
||||||
<ng-container *ngIf="!isEditMode">
|
<ng-container *ngIf="!isEditMode">
|
||||||
<div *ngIf="motion && motion.personalNote" [innerHTML]="motion.personalNote.note"></div>
|
<div *ngIf="motion && motion.personalNote" [innerHTML]="sanitizeText(motion.personalNote.note)"></div>
|
||||||
<div class="no-content" *ngIf="!motion || !motion.personalNote" translate>
|
<div class="no-content" *ngIf="!motion || !motion.personalNote" translate>
|
||||||
No personal note
|
No personal note
|
||||||
</div>
|
</div>
|
||||||
|
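Review bot: Binding `[innerHTML]` to a method call, `sanitizeText(motion.personalNote.note)`, means the method runs on every change-detection pass and, as written in the component, returns a fresh `SafeHtml` wrapper each time. Angular compares binding values by identity, so it will likely treat the value as changed and rewrite the element's content on each pass, which costs rendering work and can drop a text selection inside the note. Computing the value once when the note changes and binding to that property, or moving the conversion into a pure pipe, avoids this. The same pattern appears in the comment and reason templates in this commit.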
@ -1,6 +1,6 @@
|
|||||||
import { Component, Input } from '@angular/core';
|
import { Component, Input } from '@angular/core';
|
||||||
import { FormBuilder, FormGroup } from '@angular/forms';
|
import { FormBuilder, FormGroup } from '@angular/forms';
|
||||||
import { Title } from '@angular/platform-browser';
|
import { Title, SafeHtml, DomSanitizer } from '@angular/platform-browser';
|
||||||
|
|
||||||
import { TranslateService } from '@ngx-translate/core';
|
import { TranslateService } from '@ngx-translate/core';
|
||||||
|
|
||||||
@ -41,13 +41,15 @@ export class PersonalNoteComponent extends BaseComponent {
|
|||||||
* @param personalNoteService
|
* @param personalNoteService
|
||||||
* @param formBuilder
|
* @param formBuilder
|
||||||
* @param pdfService
|
* @param pdfService
|
||||||
|
* @param sanitizer
|
||||||
*/
|
*/
|
||||||
public constructor(
|
public constructor(
|
||||||
title: Title,
|
title: Title,
|
||||||
translate: TranslateService,
|
translate: TranslateService,
|
||||||
private personalNoteService: PersonalNoteService,
|
private personalNoteService: PersonalNoteService,
|
||||||
formBuilder: FormBuilder,
|
formBuilder: FormBuilder,
|
||||||
private pdfService: MotionPdfExportService
|
private pdfService: MotionPdfExportService,
|
||||||
|
private sanitizer: DomSanitizer
|
||||||
) {
|
) {
|
||||||
super(title, translate);
|
super(title, translate);
|
||||||
this.personalNoteForm = formBuilder.group({
|
this.personalNoteForm = formBuilder.group({
|
||||||
@ -94,4 +96,15 @@ export class PersonalNoteComponent extends BaseComponent {
|
|||||||
public printPersonalNote(): void {
|
public printPersonalNote(): void {
|
||||||
this.pdfService.exportPersonalNote(this.motion.personalNote, this.motion);
|
this.pdfService.exportPersonalNote(this.motion.personalNote, this.motion);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sanitize the text to be safe.
|
||||||
|
*
|
||||||
|
* @param text to be sanitized.
|
||||||
|
*
|
||||||
|
* @returns SafeHtml
|
||||||
|
*/
|
||||||
|
public sanitizeText(text: string): SafeHtml {
|
||||||
|
return this.sanitizer.bypassSecurityTrustHtml(text);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|