From 61926f5de654681b6e6203fcd7ed732560fb9a0f Mon Sep 17 00:00:00 2001
From: Timo Bejan
Date: Mon, 21 Nov 2022 13:12:27 +0200
Subject: [PATCH] RED-5546 dom sanitization
---
 .../table-content/table-content.component.ts | 1 -
 src/lib/services/toaster.service.ts | 20 +++++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/lib/listing/table-content/table-content.component.ts b/src/lib/listing/table-content/table-content.component.ts
index 6e0a042..603aff8 100644
--- a/src/lib/listing/table-content/table-content.component.ts
+++ b/src/lib/listing/table-content/table-content.component.ts
@@ -92,5 +92,4 @@ export class TableContentComponent, PrimaryK
 private _disableMultiSelect() {
 this._multiSelectActive$.next(false);
 }
-
 }
diff --git a/src/lib/services/toaster.service.ts b/src/lib/services/toaster.service.ts
index 6790ea5..c19e4ca 100644
--- a/src/lib/services/toaster.service.ts
+++ b/src/lib/services/toaster.service.ts
@@ -1,4 +1,4 @@
-import { Injectable } from '@angular/core';
+import { Injectable, SecurityContext } from '@angular/core';
 import { ActiveToast, ToastrService } from 'ngx-toastr';
 import { IndividualConfig } from 'ngx-toastr/toastr/toastr-config';
 import { NavigationStart, Router } from '@angular/router';
@@ -6,6 +6,8 @@ import { TranslateService } from '@ngx-translate/core';
 import { HttpErrorResponse, HttpStatusCode } from '@angular/common/http';
 import { filter } from 'rxjs/operators';
 import { ErrorMessageService } from './error-message.service';
+import { DomSanitizer } from '@angular/platform-browser';
+import { stripHtml } from 'string-strip-html';

 const enum NotificationType {
 SUCCESS = 'SUCCESS',
@@ -42,6 +44,7 @@ export class Toaster {
 constructor(
 private readonly _toastr: ToastrService,
 private readonly _router: Router,
+ private readonly _domSanitize: DomSanitizer,
 private readonly _translateService: TranslateService,
 private readonly _errorMessageService: ErrorMessageService,
 ) {
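Review bot: `SecurityContext` (added in the `@@ -1,4 +1,4 @@` hunk of toaster.service.ts) and the injected `_domSanitize: DomSanitizer` (import hunk `@@ -6,6 +6,8 @@` and constructor hunk `@@ -42,6 +44,7 @@`) are not referenced by any line visible in this patch; the stripping that actually runs uses `stripHtml` from `string-strip-html`. Either route the values through the sanitizer that is now injected, e.g. `this._domSanitize.sanitize(SecurityContext.HTML, value)`, or drop the unused import and constructor parameter, so a reader does not assume Angular's sanitizer is protecting the toast when it is never called. The diffstat shows only two source files changed, so confirm that `string-strip-html` is already a declared and pinned dependency of the library; it now sits on a security-relevant path.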
@@ -78,7 +81,20 @@ export class Toaster {
 notificationType = NotificationType.INFO,
 options?: Partial,
 ): ActiveToast {
- const translatedMsg = this._translateService.instant(message, options?.params) as string;
+
+ const sanitized :any = {};
+
+ if(options?.params) {
+ const params : any = options?.params;
+ for (let key of Object.keys(params)) {
+ const value = params[key];
+ sanitized[key] = stripHtml(value).result;
+ }
+ }
+
+ console.log(sanitized);
+
+ const translatedMsg = this._translateService.instant(message, sanitized) as string;

 switch (notificationType) {
 case NotificationType.SUCCESS:
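Review bot: `stripHtml(value)` is applied to every entry of `options.params` with no type check, and `params` is cast to `any`; translation parameters are often numbers or other non-strings, and `string-strip-html` rejects non-string input as far as I know, so such a toast would throw instead of being shown. Guard the call: `sanitized[key] = typeof value === 'string' ? stripHtml(value).result : value;`. The `console.log(sanitized);` line is leftover debugging that writes every toast's parameters to the browser console and should be removed before merge. Declaring the map as `Record<string, unknown>` and iterating with `const key` would keep the type checker involved in this path. The method's signature begins above the hunk and its `switch` continues below it, so whether the toast is rendered with HTML enabled, and whether `message` itself can carry untrusted text, cannot be judged from these lines.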