RED-9889: escape html in component values.

apps/red-ui/src/app/modules/file-preview/components/editable-structured-component-value/editable-structured-component-value.component.html

@@ -4,7 +4,7 @@
         <div class="value">
             <div class="text">
                 @for (componentValue of entry.componentValues; track componentValue) {
-                    <span [innerHTML]="transformNewLines(componentValue.value ?? componentValue.originalValue)"></span>
+                    <span [innerHTML]="transformNewLines(componentValue.value ?? componentValue.originalValue) | replaceNbsp"></span>
                 }
             </div>
             <div class="actions">

apps/red-ui/src/app/modules/file-preview/components/editable-structured-component-value/editable-structured-component-value.component.ts

@@ -8,6 +8,8 @@ import { TranslateModule } from '@ngx-translate/core';
 import { IComponentLogEntry, IComponentValue } from '@red/domain';
 import { RevertValueDialogComponent } from '../../dialogs/docu-mine/revert-value-dialog/revert-value-dialog.component';
 import { FilePreviewStateService } from '../../services/file-preview-state.service';
+import { escapeHtml } from '@common-ui/utils';
+import { ReplaceNbspPipe } from '@common-ui/pipes/replace-nbsp.pipe';
 
 @Component({
     selector: 'redaction-editable-structured-component-value [entry] [canEdit]',
@@ -28,6 +30,7 @@ import { FilePreviewStateService } from '../../services/file-preview-state.servi
         CdkDragHandle,
         FormsModule,
         AsyncPipe,
+        ReplaceNbspPipe,
     ],
 })
 export class EditableStructuredComponentValueComponent implements OnInit {
@@ -149,7 +152,7 @@ export class EditableStructuredComponentValueComponent implements OnInit {
     }
 
     transformNewLines(value: string) {
-        return value.replace(/\n/g, '<br>');
+        return escapeHtml(value).replace(/\n/g, '<br>');
     }
 
     #getUniqueReferencesIds(values: IComponentValue[]) {