From 346f0715f75280595bb54a6143fd0ac2212eccd6 Mon Sep 17 00:00:00 2001
From: Timo Bejan
Date: Mon, 21 Nov 2022 13:11:49 +0200
Subject: [PATCH] RED-5546 dom sanitization
---
 .../search-screen.component.html | 2 +-
 .../search-screen/search-screen.component.ts | 7 ++
 package.json | 1 +
 yarn.lock | 87 ++++++++++++++++++-
 4 files changed, 95 insertions(+), 2 deletions(-)
diff --git a/apps/red-ui/src/app/modules/search/search-screen/search-screen.component.html b/apps/red-ui/src/app/modules/search/search-screen/search-screen.component.html
index 28057cb6c..252987c37 100644
--- a/apps/red-ui/src/app/modules/search/search-screen/search-screen.component.html
+++ b/apps/red-ui/src/app/modules/search/search-screen/search-screen.component.html
@@ -29,7 +29,7 @@
{{ item.filename }}
diff --git a/apps/red-ui/src/app/modules/search/search-screen/search-screen.component.ts b/apps/red-ui/src/app/modules/search/search-screen/search-screen.component.ts
index a736498eb..a5c65fd11 100644
--- a/apps/red-ui/src/app/modules/search/search-screen/search-screen.component.ts
+++ b/apps/red-ui/src/app/modules/search/search-screen/search-screen.component.ts
@@ -33,6 +33,7 @@ import { FeaturesService } from '@services/features.service';
 import { DossiersCacheService } from '@services/dossiers/dossiers-cache.service';
 import { DossierTemplatesService } from '@services/dossier-templates/dossier-templates.service';
 import { UserService } from '@users/user.service';
+import { stripHtml } from 'string-strip-html';

 @Component({
 templateUrl: './search-screen.component.html',
@@ -302,4 +303,10 @@ export class SearchScreenComponent extends ListingComponent imp
 routerLink: file.routerLink,
 };
 }
+
+ stripHtmlForView(value: string) {
+ return stripHtml(value, {
+ ignoreTags: ['em'],
+ }).result;
+ }
 }
diff --git a/package.json b/package.json
index afb205625..04ef3bcf2 100644
--- a/package.json
+++ b/package.json
@@ -60,6 +60,7 @@
 "sass": "^1.54.4",
 "scroll-into-view-if-needed": "^2.2.28",
 "streamsaver": "^2.0.5",
+ "string-strip-html": "^12.0.0",
 "tslib": "^2.4.0",
 "zone.js": "0.11.8"
 },
diff --git a/yarn.lock b/yarn.lock
index 3d54568fe..ce72f8090 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6874,7 +6874,7 @@ html-encoding-sniffer@^3.0.0: dependencies: whatwg-encoding "^2.0.0" -html-entities@^2.1.0, html-entities@^2.3.2: +html-entities@^2.1.0, html-entities@^2.3.2, html-entities@^2.3.3: version "2.3.3" resolved "https://registry.npmjs.org/html-entities/-/html-entities-2.3.3.tgz" integrity sha512-DV5Ln36z34NNTDgnz0EWGBLZENelNAtkiFA4kyNOG2tDI6Mz1uSWiq1wAKdyjnJwyDiDO7Fa2SO1CTxPXL8VxA==
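Review bot: `stripHtmlForView` is a tag filter rather than a sanitizer: with `ignoreTags: ['em']` string-strip-html skips `<em>` tags instead of rebuilding them, so as far as I know any attributes on an incoming `<em>` reach the view unchanged. The template line that calls it is not readable in this patch; if the result is bound through `[innerHTML]`, Angular's own sanitizer still drops event-handler attributes, so that binding has to stay and the value must never be wrapped in `bypassSecurityTrustHtml`. I would record that on the method, e.g. `/** Strips all markup except <em> tags; <em> attributes are not filtered, so render the result only through [innerHTML]. */`, and declare the return type as `: string`. A guard such as `if (!value) return '';` as the first statement would also keep a missing value from reaching `stripHtml`. The enclosing class starts outside the hunk.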
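Review bot: The added `"string-strip-html": "^12.0.0"` line puts a security-relevant job on a new runtime dependency, and the yarn.lock part of this patch shows it bringing twelve further packages with it (the `ranges-*`, `string-*`, `lodash.*` helpers and `tiny-invariant`). Angular's `DomSanitizer.sanitize(SecurityContext.HTML, value)` is already available and may cover the XSS concern without widening the dependency surface; if the library stays, an exact pin (`"string-strip-html": "12.0.0"`) keeps a behaviour change in the stripping logic from arriving through a lockfile refresh. The new lockfile entries resolve from `registry.yarnpkg.com` while the existing ones use `registry.npmjs.org`, which suggests the lockfile was regenerated under a different registry setting; that is worth aligning if the build is expected to install from a single registry.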
@@ -8682,6 +8682,11 @@ lodash.camelcase@^4.3.0: resolved "https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz" integrity sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA== +lodash.clonedeep@^4.5.0: + version "4.5.0" + resolved "https://registry.yarnpkg.com/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz#e23f3f9c4f8fbdde872529c1071857a086e5ccef" + integrity sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ== + lodash.debounce@^4.0.8: version "4.0.8" resolved "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz" @@ -8692,6 +8697,11 @@ lodash.get@^4.4.2: resolved "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz" integrity sha512-z+Uw/vLuy6gQe8cfaFWD7p0wVv8fJl3mbzXh33RS+0oW2wvUqiRXiQ69gLWSLpgB5/6sU+r6BlQR0MBILadqTQ== +lodash.isplainobject@^4.0.6: + version "4.0.6" + resolved "https://registry.yarnpkg.com/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz#7c526a52d89b45c45cc690b88163be0497f550cb" + integrity sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA== + lodash.memoize@4.x, lodash.memoize@^4.1.2: version "4.1.2" resolved "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz" 
@@ -8702,11 +8712,21 @@ lodash.merge@^4.6.2: resolved "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz" integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ== +lodash.trim@^4.5.1: + version "4.5.1" + resolved "https://registry.yarnpkg.com/lodash.trim/-/lodash.trim-4.5.1.tgz#36425e7ee90be4aa5e27bcebb85b7d11ea47aa57" + integrity sha512-nJAlRl/K+eiOehWKDzoBVrSMhK0K3A3YQsUNXHQa5yIrKBAhsZgSu3KoAFoFT+mEgiyBHddZ0pRk1ITpIp90Wg== + lodash.uniq@^4.5.0: version "4.5.0" resolved "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz" integrity sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ== +lodash.without@^4.4.0: + version "4.4.0" + resolved "https://registry.yarnpkg.com/lodash.without/-/lodash.without-4.4.0.tgz#3cd4574a00b67bae373a94b748772640507b7aac" + integrity sha512-M3MefBwfDhgKgINVuBJCO1YR3+gf6s9HNJsIiZ/Ru77Ws6uTb9eBuvrkpzO+9iLoAaRodGuq7tyrPCx+74QYGQ== + lodash@^4.17.14, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.7.0: version "4.17.21" resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz" 
@@ -10773,6 +10793,35 @@ range-parser@^1.2.1, range-parser@~1.2.1: resolved "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz" integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg== +ranges-apply@^6.2.12: + version "6.2.12" + resolved "https://registry.yarnpkg.com/ranges-apply/-/ranges-apply-6.2.12.tgz#88eb73acf221418786c246b69acf9bb788ffaca1" + integrity sha512-kvbXY6BNDpEAri/PlDZHlDyEAFvbAlfHGcIPQ6lg2BCifepx0t7knULy0ryvtsDuYCutK2ZVp+XTCMWcfaf/AQ== + dependencies: + ranges-merge "^8.2.7" + tiny-invariant "^1.3.1" + +ranges-merge@^8.2.7: + version "8.2.7" + resolved "https://registry.yarnpkg.com/ranges-merge/-/ranges-merge-8.2.7.tgz#16994947654ae4ad1b12ab4a1bfed92d79be54d6" + integrity sha512-ymJfok6pW4vndF8wy6SeqnLGu5GH8k+MM+W4fAqif79HGNloNzwE0ijVmuRd8D7ulJnwo5BGzwpZpXYHYeLlMQ== + dependencies: + ranges-push "^6.2.7" + ranges-sort "^5.1.6" + +ranges-push@^6.2.7: + version "6.2.7" + resolved "https://registry.yarnpkg.com/ranges-push/-/ranges-push-6.2.7.tgz#037f72250860f9fe37e6b6dd65b97b7890f98e9f" + integrity sha512-OX12airFLYK4/6dh3b82NRtGzpXyOWTmjiJzD/oMvzgZ2cfNbsa5qKLtf9AwZO6cVOpS2Li1l2mKTVjlM6MMpg== + dependencies: + string-collapse-leading-whitespace "^6.1.7" + string-trim-spaces-only "^4.1.6" + +ranges-sort@^5.1.6: + version "5.1.6" + resolved "https://registry.yarnpkg.com/ranges-sort/-/ranges-sort-5.1.6.tgz#dd552c979e56a3c0ba357261a61cf7cd5c43119b" + integrity sha512-/Mlg0Oe5iwu2lxeZGG/zzz92rQ6LpKimMx9uBj4EQthSSUDpvNeQzMthhdDBi/NGhG29rIWGpgl9jUHomUmX3Q== + raw-body@2.5.1: version "2.5.1" resolved "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz" 
@@ -11664,11 +11713,24 @@ string-argv@^0.3.1: resolved "https://registry.npmjs.org/string-argv/-/string-argv-0.3.1.tgz" integrity sha512-a1uQGz7IyVy9YwhqjZIZu1c8JO8dNIe20xBmSS6qu9kv++k3JGzCVmprbNN5Kn+BgzD5E7YYwg1CcjuJMRNsvg== +string-collapse-leading-whitespace@^6.1.7: + version "6.1.7" + resolved "https://registry.yarnpkg.com/string-collapse-leading-whitespace/-/string-collapse-leading-whitespace-6.1.7.tgz#9973872a51f0b0d97398be965dd0e0a1ab74b20f" + integrity sha512-RGpJrs/C31mPyBPvmjcM16joFYaywAoJ8L9pWY/xFegkykFdMrg569ragafoJZgv485hEwWjihD5VgwJftrRmw== + string-hash@^1.1.1: version "1.1.3" resolved "https://registry.npmjs.org/string-hash/-/string-hash-1.1.3.tgz" integrity sha512-kJUvRUFK49aub+a7T1nNE66EJbZBMnBgoC1UbCZ5n6bsZKBRga4KgBRTMn/pFkeCZSYtNeSyMxPDM0AXWELk2A== +string-left-right@^5.1.7: + version "5.1.7" + resolved "https://registry.yarnpkg.com/string-left-right/-/string-left-right-5.1.7.tgz#8a2dfd27596cdfa69927a4d568d837a2df66acab" + integrity sha512-WSFZJ/oy3Ako6VS3+MyA7S1OceG+RIFkPUQzHumtw/N8aAA5WafVgQg2AE9WQWZ7py9bJlcH50BjSo+PlN8xNw== + dependencies: + lodash.clonedeep "^4.5.0" + lodash.isplainobject "^4.0.6" + string-length@^4.0.1: version "4.0.2" resolved "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz" 
@@ -11677,6 +11739,24 @@ string-length@^4.0.1: char-regex "^1.0.2" strip-ansi "^6.0.0" +string-strip-html@^12.0.0: + version "12.0.0" + resolved "https://registry.yarnpkg.com/string-strip-html/-/string-strip-html-12.0.0.tgz#d75df263dce22d0e29311b409dfc3ffff1f1128d" + integrity sha512-Ojx1qfh7zViiRhIUCtZoIWxtJbFCCy/VdamDBt0MOpERRb4ZDNzUAzdz8zbXihnTKqHdm/9rT12JHiMdI+2eGA== + dependencies: + html-entities "^2.3.3" + lodash.isplainobject "^4.0.6" + lodash.trim "^4.5.1" + lodash.without "^4.4.0" + ranges-apply "^6.2.12" + ranges-push "^6.2.7" + string-left-right "^5.1.7" + +string-trim-spaces-only@^4.1.6: + version "4.1.6" + resolved "https://registry.yarnpkg.com/string-trim-spaces-only/-/string-trim-spaces-only-4.1.6.tgz#a50bd9166febd31311aecbe95db49f750b36adad" + integrity sha512-rI++1I1wesrddwz1TH011+zNO0k+0u4b8RwDrzPlrQ3jvPrmrXfn5O5eWeLFuV/8zmPSXe5iq+G43hURZF89hQ== + "string-width@^1.0.2 || 2 || 3 || 4", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: version "4.2.3" resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz" @@ -12040,6 +12120,11 @@ timed-out@^4.0.0: resolved "https://registry.npmjs.org/timed-out/-/timed-out-4.0.1.tgz" integrity sha512-G7r3AhovYtr5YKOWQkta8RKAPb+J9IsO4uVmzjl8AZwfhs8UcUwTiD6gcJYSgOtzyjvQKrKYn41syHbUWMkafA== +tiny-invariant@^1.3.1: + version "1.3.1" + resolved "https://registry.yarnpkg.com/tiny-invariant/-/tiny-invariant-1.3.1.tgz#8560808c916ef02ecfd55e66090df23a4b7aa642" + integrity sha512-AD5ih2NlSssTCwsMznbvwMZpJ1cbhkGd2uueNxzv2jDlEeZdU04JQfRnggJQ8DrcVBGjAsCKwFBbDlVNtEMlzw== + tmp@^0.0.33: version "0.0.33" resolved "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz"