From be896b502fbdf140d559e9dfed9295d7d02232d7 Mon Sep 17 00:00:00 2001
From: AleksanderSklorz <115619721+AleksanderSklorz@users.noreply.github.com>
Date: Tue, 27 Jun 2023 08:10:27 +0200
Subject: [PATCH] [ACS-5395] Fixed possibility to containing script by string (#8696)

* ACS-5395 Fixed possibility to containing script by string

* ACS-5395 Fixed possibility to containing script by string

---
 .../src/lib/common/services/highlight-transform.service.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/core/src/lib/common/services/highlight-transform.service.ts b/lib/core/src/lib/common/services/highlight-transform.service.ts
index 37c02378d0..b8b1eed2e7 100644
--- a/lib/core/src/lib/common/services/highlight-transform.service.ts
+++ b/lib/core/src/lib/common/services/highlight-transform.service.ts
@@ -15,7 +15,8 @@
 * limitations under the License.
 */
-import { Injectable } from '@angular/core';
+import { Injectable, SecurityContext } from '@angular/core';
+import { DomSanitizer } from '@angular/platform-browser';
 export interface HighlightTransformResult {
 text: string;
@@ -27,6 +28,8 @@ export interface HighlightTransformResult {
 })
 export class HighlightTransformService {
+ constructor(private sanitizer: DomSanitizer) {}
+
 /**
 * Searches for `search` string(s) within `text` and highlights all occurrences.
 *
@@ -44,7 +47,7 @@ export class HighlightTransformService {
 pattern = pattern.split(' ').filter((t) => t.length > 0).join('|');
 const regex = new RegExp(pattern, 'gi');
- result = text.replace(/<[^>]+>/g, '').replace(regex, (match) => {
+ result = this.sanitizer.sanitize(SecurityContext.HTML, text).replace(regex, (match) => {
 isMatching = true;
 return `${match}`;
 });
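Review bot: `DomSanitizer.sanitize()` is declared as returning `string | null`, so the added line in the third hunk calls `.replace` on a possibly-null value; this does not compile under `strictNullChecks` and would throw at runtime if the sanitizer ever yields null, so guard it: `result = (this.sanitizer.sanitize(SecurityContext.HTML, text) ?? '').replace(regex, (match) => {`. The removed line stripped every tag before highlighting, whereas the sanitized string keeps allowed markup, so the search regex can now match inside a retained tag or attribute value and wrap it with the highlight markup — not a script vector after sanitization, but malformed output that deserves a unit test with a tagged input such as a plain `<a href>`. The sanitizer also entity-encodes characters like `&` and `<`, so a search term containing them will no longer match the encoded text; a comment on that line, `// sanitized output is entity-encoded HTML, not plain text`, would make that explicit. The `pattern` built from `search` is still passed unescaped to `new RegExp` on the context line above, which the commit does not change. The enclosing method begins and ends outside this hunk.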