diff --git a/frontend/package.json b/frontend/package.json index 8fc86457..571b8b39 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -33,6 +33,7 @@ "@types/color": "^3.0.1", "caret-pos": "^2.0.0", "color": "^3.1.3", + "dompurify": "^3.0.6", "moment": "^2.29.1", "ngx-infinite-scroll": "^10.0.1", "ngx-markdown": "^11.0.1", @@ -56,6 +57,7 @@ "@storybook/addon-essentials": "^6.1.11", "@storybook/addon-links": "^6.1.11", "@storybook/angular": "^6.1.11", + "@types/dompurify": "^3.0.5", "@types/jasmine": "~3.6.0", "@types/node": "^12.11.1", "babel-loader": "^8.2.2", diff --git a/frontend/src/app/modules/mips/pages/list-page/list-page.component.ts b/frontend/src/app/modules/mips/pages/list-page/list-page.component.ts index 77a3bf50..dfa04dab 100644 --- a/frontend/src/app/modules/mips/pages/list-page/list-page.component.ts +++ b/frontend/src/app/modules/mips/pages/list-page/list-page.component.ts @@ -26,6 +26,7 @@ import {ComponentMip} from '../../types/component-mip'; import {ISubsetDataElement} from '../../types/subset'; import {DarkModeService} from 'src/app/services/dark-mode/dark-mode.service'; import {DomSanitizer} from '@angular/platform-browser'; +import * as DOMPurify from 'dompurify'; @Component({ selector: 'app-list-page', @@ -243,7 +244,7 @@ export class ListPageComponent implements OnInit, AfterViewInit { parsedTextSearchParam = parsedSearchParam.documentElement.textContent; } - this.search = this.sanitizer.sanitize(1, parsedTextSearchParam); + this.search = DOMPurify.sanitize(parsedTextSearchParam); this.searchService.search.next(this.search); } @@ -883,7 +884,7 @@ export class ListPageComponent implements OnInit, AfterViewInit { onSendSearch(event: any): void { const search = event.target.value.toLowerCase().trim(); - this.search = this.sanitizer.sanitize(1, event.target.value); + this.search = DOMPurify.sanitize(event.target.value); this.searchService.search.next(event.target.value); this.showHideParentCheckbox = !!this.search; @@ -932,7 +933,7 @@ export class ListPageComponent implements OnInit, AfterViewInit { this.limitAux = 10; this.mips = []; this.page = 0; - this.search = this.sanitizer.sanitize(1, event.target.value); + this.search = DOMPurify.sanitize(event.target.value); this.searchMips(); this.setQueryParams(); } diff --git a/frontend/yarn.lock b/frontend/yarn.lock index 71a156de..345abf79 100644 --- a/frontend/yarn.lock +++ b/frontend/yarn.lock @@ -2681,6 +2681,13 @@ dependencies: "@types/color-convert" "*" +"@types/dompurify@^3.0.5": + version "3.0.5" + resolved "https://registry.yarnpkg.com/@types/dompurify/-/dompurify-3.0.5.tgz#02069a2fcb89a163bacf1a788f73cb415dd75cb7" + integrity sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg== + dependencies: + "@types/trusted-types" "*" + "@types/glob-base@^0.3.0": version "0.3.0" resolved "https://registry.npmjs.org/@types/glob-base/-/glob-base-0.3.0.tgz" @@ -2914,6 +2921,11 @@ resolved "https://registry.npmjs.org/@types/tapable/-/tapable-1.0.6.tgz" integrity sha512-W+bw9ds02rAQaMvaLYxAbJ6cvguW/iJXNT6lTssS1ps6QdrMKttqEAMEG/b5CR8TZl3/L7/lH0ZV5nNR1LXikA== +"@types/trusted-types@*": + version "2.0.7" + resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.7.tgz#baccb07a970b91707df3a3e8ba6896c57ead2d11" + integrity sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw== + "@types/uglify-js@*": version "3.11.1" resolved "https://registry.npmjs.org/@types/uglify-js/-/uglify-js-3.11.1.tgz" @@ -6559,6 +6571,11 @@ domhandler@^4.0.0: dependencies: domelementtype "^2.1.0" +dompurify@^3.0.6: + version "3.0.6" + resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.0.6.tgz#925ebd576d54a9531b5d76f0a5bef32548351dae" + integrity sha512-ilkD8YEnnGh1zJ240uJsW7AzE+2qpbOUYjacomn3AvJ6J4JhKGSZ2nh4wUIXPZrEPppaCLx5jFe8T89Rk8tQ7w== + domutils@^1.5.1, domutils@^1.7.0: version "1.7.0" resolved "https://registry.npmjs.org/domutils/-/domutils-1.7.0.tgz"