fix: bad html filtering regexp

2024-03-25 18:54:55 +05:30 · 2024-03-25 18:54:55 +05:30 · 7e9daf8a20
commit 7e9daf8a20
parent 07106f9161
3 changed files with 16 additions and 16 deletions
--- a/web/helpers/string.helper.ts
+++ b/web/helpers/string.helper.ts
@ -34,7 +34,7 @@ export const createSimilarString = (str: string) => {
 };

 const fallbackCopyTextToClipboard = (text: string) => {
-  var textArea = document.createElement("textarea");
+  const textArea = document.createElement("textarea");
  textArea.value = text;

  // Avoid scrolling to bottom
@ -49,7 +49,7 @@ const fallbackCopyTextToClipboard = (text: string) => {
  try {
    // FIXME: Even though we are using this as a fallback, execCommand is deprecated 👎. We should find a better way to do this.
    // https://developer.mozilla.org/en-US/docs/Web/API/Document/execCommand
-    var successful = document.execCommand("copy");
+    document.execCommand("copy");
  } catch (err) {}

  document.body.removeChild(textArea);
@ -117,9 +117,9 @@ export const getFirstCharacters = (str: string) => {
 * console.log(text); // Some text
 */

-export const stripHTML = (html: string) => {
-  const strippedText = html.replace(/<script[^>]*>[\s\S]*?<\/script>/gi, ""); // Remove script tags
-  return strippedText.replace(/<[^>]*>/g, ""); // Remove all other HTML tags
+export const sanitizeHTML = (htmlString: string) => {
+  const sanitizedText = DOMPurify.sanitize(htmlString, { ALLOWED_TAGS: [] }); // sanitize the string to remove all HTML tags
+  return sanitizedText.trim(); // trim the string to remove leading and trailing whitespaces
 };

 /**
@ -130,7 +130,7 @@ export const stripHTML = (html: string) => {
 * console.log(text); // Some text
 */

-export const stripAndTruncateHTML = (html: string, length: number = 55) => truncateText(stripHTML(html), length);
+export const stripAndTruncateHTML = (html: string, length: number = 55) => truncateText(sanitizeHTML(html), length);

 /**
 * @description: This function return number count in string if number is more than 100 then it will return 99+
@ -172,10 +172,10 @@ export const getFetchKeysForIssueMutation = (options: {
  const ganttFetchKey = cycleId
    ? { ganttFetchKey: CYCLE_ISSUES_WITH_PARAMS(cycleId.toString(), ganttParams) }
    : moduleId
-      ? { ganttFetchKey: MODULE_ISSUES_WITH_PARAMS(moduleId.toString(), ganttParams) }
-      : viewId
-        ? { ganttFetchKey: VIEW_ISSUES(viewId.toString(), viewGanttParams) }
-        : { ganttFetchKey: PROJECT_ISSUES_LIST_WITH_PARAMS(projectId?.toString() ?? "", ganttParams) };
+    ? { ganttFetchKey: MODULE_ISSUES_WITH_PARAMS(moduleId.toString(), ganttParams) }
+    : viewId
+    ? { ganttFetchKey: VIEW_ISSUES(viewId.toString(), viewGanttParams) }
+    : { ganttFetchKey: PROJECT_ISSUES_LIST_WITH_PARAMS(projectId?.toString() ?? "", ganttParams) };

  return {
    ...ganttFetchKey,
--- a/web/package.json
+++ b/web/package.json
@ -33,7 +33,7 @@
    "clsx": "^2.0.0",
    "cmdk": "^0.2.0",
    "date-fns": "^2.30.0",
-    "dompurify": "^3.0.9",
+    "dompurify": "^3.0.11",
    "dotenv": "^16.0.3",
    "js-cookie": "^3.0.1",
    "lodash": "^4.17.21",
--- a/yarn.lock
+++ b/yarn.lock
@ -2722,7 +2722,7 @@
  dependencies:
    "@types/react" "*"

-"@types/react@*", "@types/react@18.2.42", "@types/react@^18.2.42":
+"@types/react@*", "@types/react@^18.2.42":
  version "18.2.42"
  resolved "https://registry.yarnpkg.com/@types/react/-/react-18.2.42.tgz#6f6b11a904f6d96dda3c2920328a97011a00aba7"
  integrity sha512-c1zEr96MjakLYus/wPnuWDo1/zErfdU9rNsIGmE+NV71nx88FG9Ttgo5dqorXTu/LImX2f63WBP986gJkMPNbA==
@ -4024,10 +4024,10 @@ dom4@^2.1.5:
  resolved "https://registry.yarnpkg.com/dom4/-/dom4-2.1.6.tgz#c90df07134aa0dbd81ed4d6ba1237b36fc164770"
  integrity sha512-JkCVGnN4ofKGbjf5Uvc8mmxaATIErKQKSgACdBXpsQ3fY6DlIpAyWfiBSrGkttATssbDCp3psiAKWXk5gmjycA==

-dompurify@^3.0.9:
-  version "3.0.9"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.0.9.tgz#b3f362f24b99f53498c75d43ecbd784b0b3ad65e"
-  integrity sha512-uyb4NDIvQ3hRn6NiC+SIFaP4mJ/MdXlvtunaqK9Bn6dD3RuB/1S/gasEjDHD8eiaqdSael2vBv+hOs7Y+jhYOQ==
+dompurify@^3.0.11:
+  version "3.0.11"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.0.11.tgz#c163f5816eaac6aeef35dae2b77fca0504564efe"
+  integrity sha512-Fan4uMuyB26gFV3ovPoEoQbxRRPfTu3CvImyZnhGq5fsIEO+gEFLp45ISFt+kQBWsK5ulDdT0oV28jS1UrwQLg==

 dot-case@^3.0.4:
  version "3.0.4"