inteligr8/alfresco-ng2-components
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-ng2-components.git synced 2025-05-12 17:04:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

[ACS-5399] Fix incomplete multi-character sanitization (#8707)

Browse Source 
* [ACS-5399] sanitization fix

* [ACS-5399] sanitization fix

* [ACS-5399] sanitization fix

* [ACS-5399] sanitization fix

* [ACS-5399] sanitization fix for comments.component

* [ACS-5399] sanitization fix for highlight-transform.service

* [ACS-5399] sanitization fix

* [ACS-5399] sanitization highlight-transform.service

* [ACS-5399] removed empty contructor

* [ACS-5399] linting

* [ACS-5399] fixed unit test

* [ACS-5399] linting

* [ACS-5399] fixed e2e

* [ACS-5399] added unit test to core

* [ACS-5399] added unit test to core

* [ACS-5399] test fix
This commit is contained in:
Mykyta Maliarchuk 2023-07-04 18:20:34 +02:00 committed by GitHub
parent dc06accace
commit 54542c8b2b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
e2e/content-services/components/comment-component.e2e.ts
View File

@ -150,7 +150,8 @@ describe('Comment', () => {
await expect(await commentsPage.getTime(0)).toMatch(/(ago|few)/); await expect(await commentsPage.getTime(0)).toMatch(/(ago|few)/);
}); });
it('[C280022] Should not be able to add an HTML or other code input into the comment input filed', async () => { it('[C280022] Should treat HTML code as a regular string', async () => {
const resultStr = comments.codeType.replace(/\s\s+/g, ' ');
await viewerPage.viewFile(pngFileModel.name); await viewerPage.viewFile(pngFileModel.name);
await viewerPage.clickInfoButton(); await viewerPage.clickInfoButton();
await viewerPage.checkInfoSideBarIsDisplayed(); await viewerPage.checkInfoSideBarIsDisplayed();
@ -160,7 +161,7 @@ describe('Comment', () => {
await commentsPage.checkUserIconIsDisplayed(); await commentsPage.checkUserIconIsDisplayed();
await commentsPage.getTotalNumberOfComments('Comments (1)'); await commentsPage.getTotalNumberOfComments('Comments (1)');
await expect(await commentsPage.getMessage(0)).toEqual('First name: Last name:'); await expect(await commentsPage.getMessage(0)).toEqual(resultStr);
await expect(await commentsPage.getUserName(0)).toEqual(userFullName); await expect(await commentsPage.getUserName(0)).toEqual(userFullName);
await expect(await commentsPage.getTime(0)).toMatch(/(ago|few)/); await expect(await commentsPage.getTime(0)).toMatch(/(ago|few)/);
}); });

4
lib/core/src/lib/comments/comments.component.spec.ts
View File

@ -173,8 +173,8 @@ describe('CommentsComponent', () => {
fixture.detectChanges(); fixture.detectChanges();
await fixture.whenStable(); await fixture.whenStable();
const sanitizedStr = '<div class="text-class"><button onclick=""><h1>action</h1></button></div>';
expect(addCommentSpy).toHaveBeenCalledWith('123', 'action'); expect(addCommentSpy).toHaveBeenCalledWith('123', sanitizedStr);
}); });
it('should normalize comment when user input contains spaces sequence', async () => { it('should normalize comment when user input contains spaces sequence', async () => {

7
lib/core/src/lib/comments/comments.component.ts
View File

@ -175,8 +175,9 @@ export class CommentsComponent implements OnChanges {
} }
private sanitize(input: string): string { private sanitize(input: string): string {
return input.replace(/<[^>]+>/g, '') return input.replace(/^\s+|\s+$|\s+(?=\s)/g, '')
.replace(/^\s+|\s+$|\s+(?=\s)/g, '') .replace(/&/g, '&amp;').replace(/</g, '&lt;')
.replace(/\r?\n/g, '<br/>'); .replace(/>/g, '&gt;').replace(/"/g, '&quot;')
.replace(/'/g, '&#039;').replace(/\r?\n/g, '<br/>');
} }
} }

12
lib/core/src/lib/common/services/highlight-transform.service.ts
View File

@ -15,8 +15,7 @@
* limitations under the License. * limitations under the License.
*/ */
import { Injectable, SecurityContext } from '@angular/core'; import { Injectable } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';
export interface HighlightTransformResult { export interface HighlightTransformResult {
text: string; text: string;
@ -28,8 +27,6 @@ export interface HighlightTransformResult {
}) })
export class HighlightTransformService { export class HighlightTransformService {
constructor(private sanitizer: DomSanitizer) {}
/** /**
* Searches for `search` string(s) within `text` and highlights all occurrences. * Searches for `search` string(s) within `text` and highlights all occurrences.
* *
@ -47,14 +44,17 @@ export class HighlightTransformService {
pattern = pattern.split(' ').filter((t) => t.length > 0).join('|'); pattern = pattern.split(' ').filter((t) => t.length > 0).join('|');
const regex = new RegExp(pattern, 'gi'); const regex = new RegExp(pattern, 'gi');
result = this.sanitizer.sanitize(SecurityContext.HTML, text).replace(regex, (match) => { result = this.removeHtmlTags(text).replace(regex, (match) => {
isMatching = true; isMatching = true;
return `<span class="${wrapperClass}">${match}</span>`; return `<span class="${wrapperClass}">${match}</span>`;
}); });
return { text: result, changed: isMatching }; return { text: result, changed: isMatching };
} else { } else {
return { text: result, changed: isMatching }; return { text: result, changed: isMatching };
} }
} }
private removeHtmlTags(text: string): string {
return text.split('>').pop().split('<')[0];
}
} }