inteligr8/alfresco-ng2-components
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-ng2-components.git synced 2025-07-24 17:32:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

[ACS-5401] Fix unsafe HTML constructed from library input (#8725)

Browse Source 
* [ACS-5401] sucurity fix

* [ACS-5401] fix tests

* [ACS-5401] security fix
This commit is contained in:
Mykyta Maliarchuk
2023-07-04 15:30:44 +02:00
committed by GitHub
parent addcc6fb34
commit 8fba7449e4
2 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/content-services/src/lib/content-user-info/content-user-info.component.html
View File

@@ -1,8 +1,8 @@
<div
id="userinfo_container"
[class.adf-userinfo-name-right]="showOnRight"
<div
id="userinfo_container"
[class.adf-userinfo-name-right]="showOnRight"
(keyup)="onKeyPress($event)"
class="adf-userinfo-container"
class="adf-userinfo-container"
*ngIf="canShow"
>
<span *ngIf="showName" id="adf-userinfo-ecm-name-display" class="adf-userinfo-name">

7
lib/core/src/lib/pipes/user-initial.pipe.ts
View File

@@ -31,7 +31,12 @@ export class InitialUsernamePipe implements PipeTransform {
let safeHtml: SafeHtml = '';
if (user) {
const initialResult = this.getInitialUserName(user.firstName || user.displayName || user.username, user.lastName, delimiter);
safeHtml = this.sanitized.bypassSecurityTrustHtml(`<div data-automation-id="user-initials-image" class="${className}">${initialResult}</div>`);
const div = document.createElement('div');
div.innerText = initialResult;
div.dataset.automationId = 'user-initials-image';
div.className = className;
safeHtml = this.sanitized.bypassSecurityTrustHtml(div.outerHTML);
}
return safeHtml;
}