inteligr8/alfresco-ng2-components
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-ng2-components.git synced 2025-07-24 17:32:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

[ACS-5395] Fixed possibility to containing script by string (#8696)

Browse Source 
* ACS-5395 Fixed possibility to containing script by string

* ACS-5395 Fixed possibility to containing script by string
This commit is contained in:
AleksanderSklorz
2023-06-27 08:10:27 +02:00
committed by GitHub
parent 1078e27cba
commit be896b502f
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/core/src/lib/common/services/highlight-transform.service.ts
View File

@@ -15,7 +15,8 @@
* limitations under the License.
*/
import { Injectable } from '@angular/core';
import { Injectable, SecurityContext } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';
export interface HighlightTransformResult {
text: string;
@@ -27,6 +28,8 @@ export interface HighlightTransformResult {
})
export class HighlightTransformService {
constructor(private sanitizer: DomSanitizer) {}
/**
* Searches for `search` string(s) within `text` and highlights all occurrences.
*
@@ -44,7 +47,7 @@ export class HighlightTransformService {
pattern = pattern.split(' ').filter((t) => t.length > 0).join('|');
const regex = new RegExp(pattern, 'gi');
result = text.replace(/<[^>]+>/g, '').replace(regex, (match) => {
result = this.sanitizer.sanitize(SecurityContext.HTML, text).replace(regex, (match) => {
isMatching = true;
return `<span class="${wrapperClass}">${match}</span>`;
});