fix sanitizer issues
quanpham-axonivy committed Dec 26, 2024
1 parent ea62b8a commit 1a468ce
Showing 4 changed files with 23 additions and 6 deletions.
17 changes: 17 additions & 0 deletions marketplace-ui/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions marketplace-ui/package.json
Expand Up @@ -26,6 +26,7 @@
"@popperjs/core": "^2.11.8",
"bootstrap": "^5.3.3",
"bootstrap-icons": "^1.11.3",
"dompurify": "^3.2.3",
"emoji-toolkit": "^9.0.0",
"jwt-decode": "^4.0.0",
"karma-viewport": "^1.0.9",
Expand Up @@ -6,7 +6,6 @@ import {
Component,
ElementRef,
HostListener,
SecurityContext,
Signal,
WritableSignal,
computed,
Expand Down Expand Up @@ -54,6 +53,7 @@ import { DisplayValue } from '../../../shared/models/display-value.model';
import { CookieService } from 'ngx-cookie-service';
import { ROUTER } from '../../../shared/constants/router.constant';
import { SafeHtml, Title, DomSanitizer } from '@angular/platform-browser';
import DOMPurify from 'dompurify';
import { API_URI } from '../../../shared/constants/api.constant';
import { EmptyProductDetailPipe } from '../../../shared/pipes/empty-product-detail.pipe';
import { LoadingSpinnerComponent } from '../../../shared/components/loading-spinner/loading-spinner.component';
Expand Down Expand Up @@ -462,7 +462,7 @@ export class ProductDetailComponent {
md.use(MarkdownItGitHubAlerts);
md.use(full); // Add emoji support
const result = md.render(value);
const safeContent = this.sanitizer.sanitize(SecurityContext.HTML, result);
const safeContent = DOMPurify.sanitize(result);
return safeContent
? this.sanitizer.bypassSecurityTrustHtml(safeContent)
: '';
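Review bot: `DOMPurify.sanitize(result)` runs with the library's default configuration and its output goes straight into `bypassSecurityTrustHtml`, so Angular's own sanitizer no longer inspects this HTML and DOMPurify's defaults are the only filter between the rendered markdown and the DOM. Those defaults accept SVG and MathML in addition to HTML, which is more than markdown output needs; I would pin the profile explicitly, `const safeContent = DOMPurify.sanitize(result, { USE_PROFILES: { html: true } });`, and put a comment above the bypass call such as `// Safe only because safeContent was produced by DOMPurify on the line above`. The same applies to the identical change in ReleasePreviewComponent. The MarkdownIt construction and the method signature lie outside this hunk, so whether raw HTML is enabled in the renderer cannot be confirmed from here.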
Expand Up @@ -5,8 +5,7 @@ import {
Signal,
WritableSignal,
computed,
signal,
SecurityContext
signal
} from '@angular/core';
import { FormsModule } from '@angular/forms';
import { CommonModule } from '@angular/common';
Expand All @@ -24,6 +23,7 @@ import MarkdownIt from 'markdown-it';
import { full } from 'markdown-it-emoji';
import { DisplayValue } from '../../shared/models/display-value.model';
import { MultilingualismPipe } from '../../shared/pipes/multilingualism.pipe';
import DOMPurify from 'dompurify';

const DEFAULT_ACTIVE_TAB = 'description';
@Component({
Expand Down Expand Up @@ -131,8 +131,7 @@ export class ReleasePreviewComponent {
const md = MarkdownIt();
md.use(full);
const result = md.render(value);
const safeContent = this.sanitizer.sanitize(SecurityContext.HTML, result);

const safeContent = DOMPurify.sanitize(result);
return safeContent
? this.sanitizer.bypassSecurityTrustHtml(safeContent)
: '';
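Review bot: The render, sanitize and trust-bypass sequence here is now nearly the same code as in ProductDetailComponent, so any later tightening of the DOMPurify options has to be made in two places and can drift apart. Moving `md.render`, `DOMPurify.sanitize` and `bypassSecurityTrustHtml` into one shared helper or pipe would leave a single call site to audit for the bypass. A spec that feeds the helper markdown containing an inline event-handler attribute and asserts it is absent from the output would pin the behaviour this commit relies on. The enclosing method starts outside the hunk.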
