diff --git a/e2e/content-services/components/comment-component.e2e.ts b/e2e/content-services/components/comment-component.e2e.ts
index 35b39c1fde..bea4c42ff4 100644
--- a/e2e/content-services/components/comment-component.e2e.ts
+++ b/e2e/content-services/components/comment-component.e2e.ts
@@ -150,7 +150,8 @@ describe('Comment', () => {
 await expect(await commentsPage.getTime(0)).toMatch(/(ago|few)/);
 });
- it('[C280022] Should not be able to add an HTML or other code input into the comment input filed', async () => {
+ it('[C280022] Should treat HTML code as a regular string', async () => {
+ const resultStr = comments.codeType.replace(/\s\s+/g, ' ');
 await viewerPage.viewFile(pngFileModel.name);
 await viewerPage.clickInfoButton();
 await viewerPage.checkInfoSideBarIsDisplayed();
@@ -160,7 +161,7 @@ describe('Comment', () => {
 await commentsPage.checkUserIconIsDisplayed();
 await commentsPage.getTotalNumberOfComments('Comments (1)');
- await expect(await commentsPage.getMessage(0)).toEqual('First name: Last name:');
+ await expect(await commentsPage.getMessage(0)).toEqual(resultStr);
 await expect(await commentsPage.getUserName(0)).toEqual(userFullName);
 await expect(await commentsPage.getTime(0)).toMatch(/(ago|few)/);
 });
diff --git a/lib/core/src/lib/comments/comments.component.spec.ts b/lib/core/src/lib/comments/comments.component.spec.ts
index 31e9353588..31e996e1f0 100644
--- a/lib/core/src/lib/comments/comments.component.spec.ts
+++ b/lib/core/src/lib/comments/comments.component.spec.ts
@@ -173,8 +173,8 @@ describe('CommentsComponent', () => {
 fixture.detectChanges();
 await fixture.whenStable();
-
- expect(addCommentSpy).toHaveBeenCalledWith('123', 'action');
+ const sanitizedStr = '<div class="text-class"><button onclick=""><h1>action</h1></button></div>';
+ expect(addCommentSpy).toHaveBeenCalledWith('123', sanitizedStr);
 });
 it('should normalize comment when user input contains spaces sequence', async () => {
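Review bot: `resultStr` on the second added line only collapses whitespace runs, whereas the component's `sanitize` (changed in the same commit) also trims leading/trailing whitespace and rewrites newlines, so the later `toEqual(resultStr)` assertion holds only if `comments.codeType` (defined outside the hunk) has neither — worth stating on that line, e.g. `// expected display text: whitespace runs are collapsed, the markup itself must appear verbatim`. A string comparison also does not prove that no element was created from the markup; if the page object can query the comment's DOM, additionally asserting that no `h1`/`button` element exists inside the rendered comment would pin the actual injection property this test is named for. The `it` block continues outside the hunk.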
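Review bot: The new `sanitizedStr` expectation only exercises `<`, `>` and `"`; the input it is compared against (set up outside the hunk) contains no `&` and no `'`, so neither the apostrophe encoding nor the ordering rule that `&` must be encoded before the other characters is pinned by any test. Add a second case with an input such as `a & b <i>'x'</i>` asserting `a &amp; b &lt;i&gt;…&lt;/i&gt;` with whatever entity the component emits for `'`, and a pre-encoded input such as `&lt;b&gt;` expected as `&amp;lt;b&amp;gt;`, so a later reordering of the replacement chain is caught. The `it` block starts outside the hunk.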
diff --git a/lib/core/src/lib/comments/comments.component.ts b/lib/core/src/lib/comments/comments.component.ts index 564d45cd84..a0192abae3 100644 --- a/lib/core/src/lib/comments/comments.component.ts +++ b/lib/core/src/lib/comments/comments.component.ts @@ -175,8 +175,9 @@ export class CommentsComponent implements OnChanges { } private sanitize(input: string): string { - return input.replace(/<[^>]+>/g, '') - .replace(/^\s+|\s+$|\s+(?=\s)/g, '') - .replace(/\r?\n/g, '
'); + return input.replace(/^\s+|\s+$|\s+(?=\s)/g, '') + .replace(/&/g, '&').replace(//g, '>').replace(/"/g, '"') + .replace(/'/g, ''').replace(/\r?\n/g, '
'); } } diff --git a/lib/core/src/lib/common/services/highlight-transform.service.ts b/lib/core/src/lib/common/services/highlight-transform.service.ts index b8b1eed2e7..5cae81ed3f 100644 --- a/lib/core/src/lib/common/services/highlight-transform.service.ts +++ b/lib/core/src/lib/common/services/highlight-transform.service.ts @@ -15,8 +15,7 @@ * limitations under the License. */ -import { Injectable, SecurityContext } from '@angular/core'; -import { DomSanitizer } from '@angular/platform-browser'; +import { Injectable } from '@angular/core'; export interface HighlightTransformResult { text: string; @@ -28,8 +27,6 @@ export interface HighlightTransformResult { }) export class HighlightTransformService { - constructor(private sanitizer: DomSanitizer) {} - /** * Searches for `search` string(s) within `text` and highlights all occurrences. * @@ -47,14 +44,17 @@ export class HighlightTransformService { pattern = pattern.split(' ').filter((t) => t.length > 0).join('|'); const regex = new RegExp(pattern, 'gi'); - result = this.sanitizer.sanitize(SecurityContext.HTML, text).replace(regex, (match) => { + result = this.removeHtmlTags(text).replace(regex, (match) => { isMatching = true; return `${match}`; }); - return { text: result, changed: isMatching }; } else { return { text: result, changed: isMatching }; } } + + private removeHtmlTags(text: string): string { + return text.split('>').pop().split('<')[0]; + } }
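Review bot: `sanitize` in this hunk now entity-encodes the comment at write time instead of stripping tags, so the string handed back to the caller (and presumably persisted — the call site is not visible here) carries `&lt;`/`&amp;`-style entities plus a line-break tag for newlines; any consumer that renders comment text as plain text will show those entities literally, and input that already contains an entity such as `&lt;` comes back double-encoded if `&` is replaced first as the chain appears to do. That contract is fine for an HTML-bound field but nothing in the method says so, and its correctness depends on the replacement order, so pin it: `// Encode, do not strip: '&' is replaced first so the entities produced for < > " ' are not re-encoded; the result is HTML text, newlines become <br/>.` The name `sanitize` no longer describes what the method does; `escapeHtml` would read correctly at the call sites. The enclosing class starts outside the hunk.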
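Review bot: `removeHtmlTags` on the last added lines does not strip tags, it truncates: `text.split('>').pop().split('<')[0]` keeps only the text after the last `>` and before the next `<`, so `'first <b>bold</b> last'` highlights `' last'`, a plain `'a > b'` becomes `' b'`, and `pop()` is typed `string | undefined`, so the chain does not compile under `strictNullChecks`. Dropping `<` does prevent element injection when the highlighted result is bound as HTML (the wrapper returned around `match` is not fully legible here, so that is inferred), but the same guarantee is available without losing content: `return text.replace(/<[^>]*>/g, '').replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');` — strip tags first, then entity-encode whatever `<`, `>`, `&` remain so a residue like `<<b>script>` cannot reassemble into markup. Because the encoding happens before the regex runs, a search term that also occurs inside an entity (e.g. `amp`) can split it; if that matters, rebuild the output from a `split` on the pattern and encode each segment instead of encoding up front. Callers that relied on `DomSanitizer` preserving safe inline markup lose that with this change, which the method's doc comment should state. The enclosing `highlight` method starts outside the hunk.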