From 6a6db17d2c475b4f2f18dee8a4e4535ca5f8e057 Mon Sep 17 00:00:00 2001
From: Nicoleta Panaghiu <nicoleta.panaghiu.ext@knecon.com>
Date: Tue, 20 Aug 2024 15:11:30 +0300
Subject: [PATCH] RED-9889: escape html in component values.

---
 .../editable-structured-component-value.component.html       | 2 +-
 .../editable-structured-component-value.component.ts         | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/apps/red-ui/src/app/modules/file-preview/components/editable-structured-component-value/editable-structured-component-value.component.html b/apps/red-ui/src/app/modules/file-preview/components/editable-structured-component-value/editable-structured-component-value.component.html
index 39d8bf3d4..6a0624a6e 100644
--- a/apps/red-ui/src/app/modules/file-preview/components/editable-structured-component-value/editable-structured-component-value.component.html
+++ b/apps/red-ui/src/app/modules/file-preview/components/editable-structured-component-value/editable-structured-component-value.component.html
@@ -4,7 +4,7 @@
         <div class="value">
             <div class="text">
                 @for (componentValue of entry.componentValues; track componentValue) {
-                    <span [innerHTML]="transformNewLines(componentValue.value ?? componentValue.originalValue)"></span>
+                    <span [innerHTML]="transformNewLines(componentValue.value ?? componentValue.originalValue) | replaceNbsp"></span>
                 }
             </div>
             <div class="actions">
diff --git a/apps/red-ui/src/app/modules/file-preview/components/editable-structured-component-value/editable-structured-component-value.component.ts b/apps/red-ui/src/app/modules/file-preview/components/editable-structured-component-value/editable-structured-component-value.component.ts
index 5617d84e0..9683f667e 100644
--- a/apps/red-ui/src/app/modules/file-preview/components/editable-structured-component-value/editable-structured-component-value.component.ts
+++ b/apps/red-ui/src/app/modules/file-preview/components/editable-structured-component-value/editable-structured-component-value.component.ts
@@ -8,6 +8,8 @@ import { TranslateModule } from '@ngx-translate/core';
 import { IComponentLogEntry, IComponentValue } from '@red/domain';
 import { RevertValueDialogComponent } from '../../dialogs/docu-mine/revert-value-dialog/revert-value-dialog.component';
 import { FilePreviewStateService } from '../../services/file-preview-state.service';
+import { escapeHtml } from '@common-ui/utils';
+import { ReplaceNbspPipe } from '@common-ui/pipes/replace-nbsp.pipe';
 
 @Component({
     selector: 'redaction-editable-structured-component-value [entry] [canEdit]',
@@ -28,6 +30,7 @@ import { FilePreviewStateService } from '../../services/file-preview-state.servi
         CdkDragHandle,
         FormsModule,
         AsyncPipe,
+        ReplaceNbspPipe,
     ],
 })
 export class EditableStructuredComponentValueComponent implements OnInit {
@@ -149,7 +152,7 @@ export class EditableStructuredComponentValueComponent implements OnInit {
     }
 
     transformNewLines(value: string) {
-        return value.replace(/\n/g, '<br>');
+        return escapeHtml(value).replace(/\n/g, '<br>');
     }
 
     #getUniqueReferencesIds(values: IComponentValue[]) {