From 14338c04b6b3408e64097f8fb260775450bac87e Mon Sep 17 00:00:00 2001
From: "AAVN\\pvquan"
Date: Thu, 26 Dec 2024 11:08:23 +0700
Subject: [PATCH] fix sanitizer issues
---
 .../product-detail/product-detail.component.spec.ts | 8 ++++----
 .../product/product-detail/product-detail.component.ts | 6 ++----
 .../release-preview/release-preview.component.spec.ts | 10 +++++-----
 .../release-preview/release-preview.component.ts | 8 +++-----
 4 files changed, 14 insertions(+), 18 deletions(-)
diff --git a/marketplace-ui/src/app/modules/product/product-detail/product-detail.component.spec.ts b/marketplace-ui/src/app/modules/product/product-detail/product-detail.component.spec.ts
index b6afbd79..2c507fc4 100644
--- a/marketplace-ui/src/app/modules/product/product-detail/product-detail.component.spec.ts
+++ b/marketplace-ui/src/app/modules/product/product-detail/product-detail.component.spec.ts
@@ -31,9 +31,6 @@ import { ProductDetailActionType } from '../../../shared/enums/product-detail-ac
 import { LanguageService } from '../../../core/services/language/language.service';
 import { Language } from '../../../shared/enums/language.enum';
 import { MatomoTestingModule } from 'ngx-matomo-client/testing';
-import * as MarkdownIt from 'markdown-it';
-import * as MarkdownItGitHubAlerts from 'markdown-it-github-alerts';
-import { SafeHtml } from '@angular/platform-browser';
 import { AuthService } from '../../../auth/auth.service';
 import { AppModalService } from '../../../shared/services/app-modal.service';
 import { ProductFeedbackService } from './product-detail-feedback/product-feedbacks-panel/product-feedback.service';
@@ -58,7 +55,10 @@ describe('ProductDetailComponent', () => {
 let mockAppModalService: jasmine.SpyObj;
 beforeEach(async () => {
- const spy = jasmine.createSpyObj('DomSanitizer', ['bypassSecurityTrustHtml']);
+ const spy = jasmine.createSpyObj('DomSanitizer', [
+ 'bypassSecurityTrustHtml',
+ 'sanitize'
+ ]);
 const routingQueryParamServiceSpy = jasmine.createSpyObj(
 'RoutingQueryParamService',
 ['getDesignerVersionFromSessionStorage', 'isDesignerEnv']
diff --git a/marketplace-ui/src/app/modules/product/product-detail/product-detail.component.ts b/marketplace-ui/src/app/modules/product/product-detail/product-detail.component.ts
index af53a11c..8999824e 100644
--- a/marketplace-ui/src/app/modules/product/product-detail/product-detail.component.ts
+++ b/marketplace-ui/src/app/modules/product/product-detail/product-detail.component.ts
@@ -462,9 +462,7 @@ export class ProductDetailComponent {
 md.use(MarkdownItGitHubAlerts);
 md.use(full); // Add emoji support
 const result = md.render(value);
- const safeContent = this.sanitizer.sanitize(SecurityContext.HTML, result);
- return safeContent
- ? this.sanitizer.bypassSecurityTrustHtml(safeContent)
- : '';
+ this.sanitizer.sanitize(SecurityContext.HTML, result);
+ return this.sanitizer.bypassSecurityTrustHtml(result);
 }
 }
diff --git a/marketplace-ui/src/app/modules/release-preview/release-preview.component.spec.ts b/marketplace-ui/src/app/modules/release-preview/release-preview.component.spec.ts
index 0635d121..adea28d6 100644
--- a/marketplace-ui/src/app/modules/release-preview/release-preview.component.spec.ts
+++ b/marketplace-ui/src/app/modules/release-preview/release-preview.component.spec.ts
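Review bot: In the `@@ -462,9 +462,7 @@` hunk of product-detail.component.ts the return value of `this.sanitizer.sanitize(SecurityContext.HTML, result)` is discarded, so the call has no effect and `bypassSecurityTrustHtml(result)` marks the raw markdown-it output as trusted. `DomSanitizer.sanitize` returns the cleaned string and does not modify its argument, so whatever HTML the renderer and its plugins emit reaches the template unfiltered; how much that exposes depends on how `md` is constructed, which is outside the hunk. If Angular's sanitizer was stripping markup the page needs, trust the output of a sanitizer with a configurable allowlist rather than the unsanitized string, for example `return this.sanitizer.bypassSecurityTrustHtml(DOMPurify.sanitize(result));` (a DOMPurify import is only visible in release-preview.component.ts, so it would have to be added here). The same change is made in release-preview.component.ts at `@@ -131,10 +132,7 @@`, and the enclosing method starts outside both hunks.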
@@ -18,7 +18,10 @@ describe('ReleasePreviewComponent', () => {
 let releasePreviewService: ReleasePreviewService;
 let languageService: jasmine.SpyObj;
 let sanitizerSpy: jasmine.SpyObj;
- const spy = jasmine.createSpyObj('DomSanitizer', ['bypassSecurityTrustHtml']);
+ const spy = jasmine.createSpyObj('DomSanitizer', [
+ 'bypassSecurityTrustHtml',
+ 'sanitize'
+ ]);
 beforeEach(async () => {
 const languageServiceSpy = jasmine.createSpyObj('LanguageService', [
@@ -26,10 +29,7 @@ describe('ReleasePreviewComponent', () => {
 ]);
 await TestBed.configureTestingModule({
- imports: [
- ReleasePreviewComponent,
- TranslateModule.forRoot(),
- ],
+ imports: [ReleasePreviewComponent, TranslateModule.forRoot()],
 providers: [
 provideHttpClient(withInterceptorsFromDi()),
 provideHttpClientTesting(),
diff --git a/marketplace-ui/src/app/modules/release-preview/release-preview.component.ts b/marketplace-ui/src/app/modules/release-preview/release-preview.component.ts
index 70f6387c..538b7450 100644
--- a/marketplace-ui/src/app/modules/release-preview/release-preview.component.ts
+++ b/marketplace-ui/src/app/modules/release-preview/release-preview.component.ts
@@ -24,6 +24,7 @@ import MarkdownIt from 'markdown-it';
 import { full } from 'markdown-it-emoji';
 import { DisplayValue } from '../../shared/models/display-value.model';
 import { MultilingualismPipe } from '../../shared/pipes/multilingualism.pipe';
+import DOMPurify from 'dompurify';
 const DEFAULT_ACTIVE_TAB = 'description';
 @Component({
@@ -131,10 +132,7 @@ export class ReleasePreviewComponent {
 const md = MarkdownIt();
 md.use(full);
 const result = md.render(value);
- const safeContent = this.sanitizer.sanitize(SecurityContext.HTML, result);
-
- return safeContent
- ? this.sanitizer.bypassSecurityTrustHtml(safeContent)
- : '';
+ this.sanitizer.sanitize(SecurityContext.HTML, result);
+ return this.sanitizer.bypassSecurityTrustHtml(result);
 }
 }
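Review bot: `import DOMPurify from 'dompurify';` is added in the `@@ -24,6 +24,7 @@` hunk of release-preview.component.ts, but no line of that file visible in this patch calls it. The render method in the `@@ -131,10 +132,7 @@` hunk ignores the value returned by `this.sanitizer.sanitize(...)` and hands the unsanitized `result` to `bypassSecurityTrustHtml`, so nothing filters the rendered markdown before it is trusted. If DOMPurify is meant to replace Angular's sanitizer here, its output is what should be trusted: `return this.sanitizer.bypassSecurityTrustHtml(DOMPurify.sanitize(result));`. Otherwise drop the import so the component does not carry an unused dependency.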