[ACS-5395] Fixed possibility to containing script by string (#8696)

* ACS-5395 Fixed possibility to containing script by string

* ACS-5395 Fixed possibility to containing script by string

lib/core/src/lib/common/services/highlight-transform.service.ts

@@ -15,7 +15,8 @@
  * limitations under the License.
  */
 
-import { Injectable } from '@angular/core';
+import { Injectable, SecurityContext } from '@angular/core';
+import { DomSanitizer } from '@angular/platform-browser';
 
 export interface HighlightTransformResult {
     text: string;
@@ -27,6 +28,8 @@ export interface HighlightTransformResult {
 })
 export class HighlightTransformService {
 
+    constructor(private sanitizer: DomSanitizer) {}
+
     /**
      * Searches for `search` string(s) within `text` and highlights all occurrences.
      *
@@ -44,7 +47,7 @@ export class HighlightTransformService {
             pattern = pattern.split(' ').filter((t) => t.length > 0).join('|');
 
             const regex = new RegExp(pattern, 'gi');
-            result = text.replace(/<[^>]+>/g, '').replace(regex, (match) => {
+            result = this.sanitizer.sanitize(SecurityContext.HTML, text).replace(regex, (match) => {
                 isMatching = true;
                 return `<span class="${wrapperClass}">${match}</span>`;
             });