[ACS-5399] Fix incomplete multi-character sanitization (#8707)

* [ACS-5399] sanitization fix * [ACS-5399] sanitization fix * [ACS-5399] sanitization fix * [ACS-5399] sanitization fix * [ACS-5399] sanitization fix for comments.component * [ACS-5399] sanitization fix for highlight-transform.service * [ACS-5399] sanitization fix * [ACS-5399] sanitization highlight-transform.service * [ACS-5399] removed empty contructor * [ACS-5399] linting * [ACS-5399] fixed unit test * [ACS-5399] linting * [ACS-5399] fixed e2e * [ACS-5399] added unit test to core * [ACS-5399] added unit test to core * [ACS-5399] test fix
2025-07-24 17:32:15 +00:00 · 2023-07-04 18:20:34 +02:00
parent dc06accace
commit 54542c8b2b
4 changed files with 15 additions and 13 deletions
--- a/lib/core/src/lib/comments/comments.component.spec.ts
+++ b/lib/core/src/lib/comments/comments.component.spec.ts
@@ -173,8 +173,8 @@ describe('CommentsComponent', () => {

            fixture.detectChanges();
            await fixture.whenStable();
-
-            expect(addCommentSpy).toHaveBeenCalledWith('123', 'action');
+            const sanitizedStr = '&lt;div class=&quot;text-class&quot;&gt;&lt;button onclick=&quot;&quot;&gt;&lt;h1&gt;action&lt;/h1&gt;&lt;/button&gt;&lt;/div&gt;';
+            expect(addCommentSpy).toHaveBeenCalledWith('123', sanitizedStr);
        });

        it('should normalize comment when user input contains spaces sequence', async () => {
--- a/lib/core/src/lib/comments/comments.component.ts
+++ b/lib/core/src/lib/comments/comments.component.ts
@@ -175,8 +175,9 @@ export class CommentsComponent implements OnChanges {
    }

    private sanitize(input: string): string {
-        return input.replace(/<[^>]+>/g, '')
-            .replace(/^\s+|\s+$|\s+(?=\s)/g, '')
-            .replace(/\r?\n/g, '<br/>');
+        return input.replace(/^\s+|\s+$|\s+(?=\s)/g, '')
+            .replace(/&/g, '&amp;').replace(/</g, '&lt;')
+            .replace(/>/g, '&gt;').replace(/"/g, '&quot;')
+            .replace(/'/g, '&#039;').replace(/\r?\n/g, '<br/>');
    }
 }
--- a/lib/core/src/lib/common/services/highlight-transform.service.ts
+++ b/lib/core/src/lib/common/services/highlight-transform.service.ts
@@ -15,8 +15,7 @@
 * limitations under the License.
 */

-import { Injectable, SecurityContext } from '@angular/core';
-import { DomSanitizer } from '@angular/platform-browser';
+import { Injectable } from '@angular/core';

 export interface HighlightTransformResult {
    text: string;
@@ -28,8 +27,6 @@ export interface HighlightTransformResult {
 })
 export class HighlightTransformService {

-    constructor(private sanitizer: DomSanitizer) {}
-
    /**
     * Searches for `search` string(s) within `text` and highlights all occurrences.
     *
@@ -47,14 +44,17 @@ export class HighlightTransformService {
            pattern = pattern.split(' ').filter((t) => t.length > 0).join('|');

            const regex = new RegExp(pattern, 'gi');
-            result = this.sanitizer.sanitize(SecurityContext.HTML, text).replace(regex, (match) => {
+            result = this.removeHtmlTags(text).replace(regex, (match) => {
                isMatching = true;
                return `<span class="${wrapperClass}">${match}</span>`;
            });
-
            return { text: result, changed: isMatching };
        } else {
            return { text: result, changed: isMatching };
        }
    }
+
+    private removeHtmlTags(text: string): string {
+        return text.split('>').pop().split('<')[0];
+    }
 }