[ACS-5399] Fix incomplete multi-character sanitization (#8707)

* [ACS-5399] sanitization fix

* [ACS-5399] sanitization fix

* [ACS-5399] sanitization fix

* [ACS-5399] sanitization fix

* [ACS-5399] sanitization fix for comments.component

* [ACS-5399] sanitization fix for highlight-transform.service

* [ACS-5399] sanitization fix

* [ACS-5399] sanitization highlight-transform.service

* [ACS-5399] removed empty contructor

* [ACS-5399] linting

* [ACS-5399] fixed unit test

* [ACS-5399] linting

* [ACS-5399] fixed e2e

* [ACS-5399] added unit test to core

* [ACS-5399] added unit test to core

* [ACS-5399] test fix

lib/core/src/lib/comments/comments.component.spec.ts

@@ -173,8 +173,8 @@ describe('CommentsComponent', () => {
 
             fixture.detectChanges();
             await fixture.whenStable();
-
-            expect(addCommentSpy).toHaveBeenCalledWith('123', 'action');
+            const sanitizedStr = '<div class="text-class"><button onclick=""><h1>action</h1></button></div>';
+            expect(addCommentSpy).toHaveBeenCalledWith('123', sanitizedStr);
         });
 
         it('should normalize comment when user input contains spaces sequence', async () => {

lib/core/src/lib/comments/comments.component.ts

@@ -175,8 +175,9 @@ export class CommentsComponent implements OnChanges {
     }
 
     private sanitize(input: string): string {
-        return input.replace(/<[^>]+>/g, '')
-            .replace(/^\s+|\s+$|\s+(?=\s)/g, '')
-            .replace(/\r?\n/g, '<br/>');
+        return input.replace(/^\s+|\s+$|\s+(?=\s)/g, '')
+            .replace(/&/g, '&amp;').replace(/</g, '&lt;')
+            .replace(/>/g, '&gt;').replace(/"/g, '&quot;')
+            .replace(/'/g, '&#039;').replace(/\r?\n/g, '<br/>');
     }
 }