From 8cc61bc4274531620f453629b20c6be6e85dc819 Mon Sep 17 00:00:00 2001 From: Dakshesh Jain <65905942+dakshesh14@users.noreply.github.com> Date: Mon, 30 Oct 2023 13:59:00 +0530 Subject: [PATCH 1/2] fix: html sensitization function (#2552) --- .../notifications/notification-card.tsx | 8 ++++---- web/helpers/string.helper.ts | 15 ++++++++++++--- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/web/components/notifications/notification-card.tsx b/web/components/notifications/notification-card.tsx index 45a2ab2b2..f8a2b1700 100644 --- a/web/components/notifications/notification-card.tsx +++ b/web/components/notifications/notification-card.tsx @@ -11,7 +11,7 @@ import { ArchiveIcon, CustomMenu, Tooltip } from "@plane/ui"; import { ArchiveRestore, Clock, MessageSquare, User2 } from "lucide-react"; // helper -import { stripHTML, replaceUnderscoreIfSnakeCase, truncateText } from "helpers/string.helper"; +import { replaceUnderscoreIfSnakeCase, truncateText, stripAndTruncateHTML } from "helpers/string.helper"; import { formatDateDistance, render12HourFormatTime, @@ -115,10 +115,10 @@ export const NotificationCard: React.FC = (props) => { renderShortDateWithYearFormat(notification.data.issue_activity.new_value) ) : notification.data.issue_activity.field === "attachment" ? ( "the issue" - ) : stripHTML(notification.data.issue_activity.new_value).length > 55 ? ( - stripHTML(notification.data.issue_activity.new_value).slice(0, 50) + "..." + ) : notification.data.issue_activity.field === "description" ? ( + stripAndTruncateHTML(notification.data.issue_activity.new_value, 55) ) : ( - stripHTML(notification.data.issue_activity.new_value) + notification.data.issue_activity.new_value ) ) : ( diff --git a/web/helpers/string.helper.ts b/web/helpers/string.helper.ts index 6596f1d69..29f414200 100644 --- a/web/helpers/string.helper.ts +++ b/web/helpers/string.helper.ts 
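Review bot: In `notification-card.tsx`, the final fallback branch of the second hunk now renders `notification.data.issue_activity.new_value` with neither tag stripping nor a length cap, so every field other than `description` is shown verbatim, markup and all. JSX escapes a string child, so this is a display and layout concern rather than script injection, provided the value is never passed to `dangerouslySetInnerHTML`. If only the stripping was meant to be scoped to descriptions, keep a cap on the fallback: `truncateText(notification.data.issue_activity.new_value, 55)`. The ternary chain starts outside the hunk, so the field types reaching this branch are not visible here.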
@@ -111,11 +111,20 @@ export const getFirstCharacters = (str: string) => { */ export const stripHTML = (html: string) => { - const tmp = document.createElement("DIV"); - tmp.innerHTML = html; - return tmp.textContent || tmp.innerText || ""; + const strippedText = html.replace(/]*>[\s\S]*?<\/script>/gi, ""); // Remove script tags + return strippedText.replace(/<[^>]*>/g, ""); // Remove all other HTML tags }; +/** + * + * @example: + * const html = "

Some text

"; + * const text = stripAndTruncateHTML(html); + * console.log(text); // Some text + */ + +export const stripAndTruncateHTML = (html: string, length: number = 55) => truncateText(stripHTML(html), length); + /** * @description: This function return number count in string if number is more than 100 then it will return 99+ * @param {number} number From 7edaa49c219df3f0e4b1d671f610dcf13cd00d14 Mon Sep 17 00:00:00 2001 From: Nikhil <118773738+pablohashescobar@users.noreply.github.com> Date: Mon, 30 Oct 2023 15:05:25 +0530 Subject: [PATCH 2/2] revert: issues endpoint (#2555) --- apiserver/plane/api/views/cycle.py | 5 ++--- apiserver/plane/api/views/issue.py | 15 ++++++--------- apiserver/plane/api/views/module.py | 5 ++--- apiserver/plane/api/views/view.py | 19 +++++-------------- apiserver/plane/api/views/workspace.py | 5 ++--- 5 files changed, 17 insertions(+), 32 deletions(-) diff --git a/apiserver/plane/api/views/cycle.py b/apiserver/plane/api/views/cycle.py index cfab09801..b18c42d86 100644 --- a/apiserver/plane/api/views/cycle.py +++ b/apiserver/plane/api/views/cycle.py @@ -579,7 +579,6 @@ class CycleIssueViewSet(BaseViewSet): ) ) - total_issues = issues.count() issues_data = IssueStateSerializer(issues, many=True).data if sub_group_by and sub_group_by == group_by: @@ -591,12 +590,12 @@ class CycleIssueViewSet(BaseViewSet): if group_by: grouped_results = group_results(issues_data, group_by, sub_group_by) return Response( - {"data": grouped_results, "total_issues": total_issues}, + grouped_results, status=status.HTTP_200_OK, ) return Response( - {"data": issues_data, "total_issues": total_issues}, status=status.HTTP_200_OK + issues_data, status=status.HTTP_200_OK ) def create(self, request, slug, project_id, cycle_id): diff --git a/apiserver/plane/api/views/issue.py b/apiserver/plane/api/views/issue.py index 56b79ea34..99f2de2c2 100644 --- a/apiserver/plane/api/views/issue.py +++ b/apiserver/plane/api/views/issue.py 
@@ -217,7 +217,6 @@ class IssueViewSet(BaseViewSet): else: issue_queryset = issue_queryset.order_by(order_by_param) - total_issues = issue_queryset.count() issues = IssueLiteSerializer(issue_queryset, many=True).data ## Grouping the results @@ -232,12 +231,12 @@ class IssueViewSet(BaseViewSet): if group_by: grouped_results = group_results(issues, group_by, sub_group_by) return Response( - {"data": grouped_results, "total_issues": total_issues}, + grouped_results, status=status.HTTP_200_OK, ) return Response( - {"data": issues, "total_issues": total_issues}, status=status.HTTP_200_OK + issues, status=status.HTTP_200_OK ) @@ -426,7 +425,6 @@ class UserWorkSpaceIssues(BaseAPIView): else: issue_queryset = issue_queryset.order_by(order_by_param) - total_issues = issue_queryset.count() issues = IssueLiteSerializer(issue_queryset, many=True).data ## Grouping the results @@ -441,12 +439,12 @@ class UserWorkSpaceIssues(BaseAPIView): if group_by: grouped_results = group_results(issues, group_by, sub_group_by) return Response( - {"data": grouped_results, "total_issues": total_issues}, + grouped_results, status=status.HTTP_200_OK, ) return Response( - {"data": issues, "total_issues": total_issues}, status=status.HTTP_200_OK + issues, status=status.HTTP_200_OK ) @@ -2151,7 +2149,6 @@ class IssueDraftViewSet(BaseViewSet): else: issue_queryset = issue_queryset.order_by(order_by_param) - total_issues = issue_queryset.count() issues = IssueLiteSerializer(issue_queryset, many=True).data ## Grouping the results @@ -2159,12 +2156,12 @@ class IssueDraftViewSet(BaseViewSet): if group_by: grouped_results = group_results(issues, group_by) return Response( - {"data": grouped_results, "total_issues": total_issues}, + grouped_results, status=status.HTTP_200_OK, ) return Response( - {"data": issues, "total_issues": total_issues}, status=status.HTTP_200_OK + issues, status=status.HTTP_200_OK ) def create(self, request, slug, project_id): 
diff --git a/apiserver/plane/api/views/module.py b/apiserver/plane/api/views/module.py index e5bda6b65..48f892764 100644 --- a/apiserver/plane/api/views/module.py +++ b/apiserver/plane/api/views/module.py @@ -364,7 +364,6 @@ class ModuleIssueViewSet(BaseViewSet): .values("count") ) ) - total_issues = issues.count() issues_data = IssueStateSerializer(issues, many=True).data if sub_group_by and sub_group_by == group_by: @@ -376,12 +375,12 @@ class ModuleIssueViewSet(BaseViewSet): if group_by: grouped_results = group_results(issues_data, group_by, sub_group_by) return Response( - {"data": grouped_results, "total_issues": total_issues}, + grouped_results, status=status.HTTP_200_OK, ) return Response( - {"data": issues_data, "total_issues": total_issues}, status=status.HTTP_200_OK + issues_data, status=status.HTTP_200_OK ) def create(self, request, slug, project_id, module_id): diff --git a/apiserver/plane/api/views/view.py b/apiserver/plane/api/views/view.py index c549324a1..f58f320b7 100644 --- a/apiserver/plane/api/views/view.py +++ b/apiserver/plane/api/views/view.py @@ -93,7 +93,6 @@ class GlobalViewIssuesViewSet(BaseViewSet): ) ) - @method_decorator(gzip_page) def list(self, request, slug): filters = issue_filters(request.query_params, "GET") @@ -117,9 +116,7 @@ class GlobalViewIssuesViewSet(BaseViewSet): .values("count") ) .annotate( - attachment_count=IssueAttachment.objects.filter( - issue=OuterRef("id") - ) + attachment_count=IssueAttachment.objects.filter(issue=OuterRef("id")) .order_by() .annotate(count=Func(F("id"), function="Count")) .values("count") @@ -129,9 +126,7 @@ class GlobalViewIssuesViewSet(BaseViewSet): # Priority Ordering if order_by_param == "priority" or order_by_param == "-priority": priority_order = ( - priority_order - if order_by_param == "priority" - else priority_order[::-1] + priority_order if order_by_param == "priority" else priority_order[::-1] ) issue_queryset = issue_queryset.annotate( priority_order=Case( 
@@ -183,8 +178,6 @@ class GlobalViewIssuesViewSet(BaseViewSet): ) else: issue_queryset = issue_queryset.order_by(order_by_param) - - total_issues = issue_queryset.count() issues = IssueLiteSerializer(issue_queryset, many=True).data ## Grouping the results @@ -195,17 +188,15 @@ class GlobalViewIssuesViewSet(BaseViewSet): {"error": "Group by and sub group by cannot be same"}, status=status.HTTP_400_BAD_REQUEST, ) - + if group_by: grouped_results = group_results(issues, group_by, sub_group_by) return Response( - {"data": grouped_results, "total_issues": total_issues}, + grouped_results, status=status.HTTP_200_OK, ) - return Response( - {"data": issues, "total_issues": total_issues}, status=status.HTTP_200_OK - ) + return Response(issues, status=status.HTTP_200_OK) class IssueViewViewSet(BaseViewSet): diff --git a/apiserver/plane/api/views/workspace.py b/apiserver/plane/api/views/workspace.py index e92859f14..165a96179 100644 --- a/apiserver/plane/api/views/workspace.py +++ b/apiserver/plane/api/views/workspace.py @@ -1223,7 +1223,6 @@ class WorkspaceUserProfileIssuesEndpoint(BaseAPIView): else: issue_queryset = issue_queryset.order_by(order_by_param) - total_issues = issue_queryset.count() issues = IssueLiteSerializer(issue_queryset, many=True).data ## Grouping the results @@ -1231,12 +1230,12 @@ class WorkspaceUserProfileIssuesEndpoint(BaseAPIView): if group_by: grouped_results = group_results(issues, group_by) return Response( - {"data": grouped_results, "total_issues": total_issues}, + grouped_results, status=status.HTTP_200_OK, ) return Response( - {"data": issues, "total_issues": total_issues}, status=status.HTTP_200_OK + issues, status=status.HTTP_200_OK )