First attempt at sanitising the collection content field HTML

DSpace · Oct 2, 2024 · 10b7337 · 10b7337
1 parent 12d1488
commit 10b7337
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 9 deletions.
diff --git a/src/app/collection-page/collection-home/collection-home-page.component.html b/src/app/collection-page/collection-home/collection-home-page.component.html
@@ -12,13 +12,11 @@
             </ds-comcol-page-header>
             <!-- header text -->
             <ds-comcol-page-content
-                [content]="collection.customHeaderText"
-		[hasInnerHtml]="true">
+                [innerHTML]="sanitizeCustomHeaderText(collection.customHeaderText)">
             </ds-comcol-page-content>
 	    <!-- intro text -->
             <ds-comcol-page-content
-                [content]="collection.customHomePageIntroText"
-		[hasInnerHtml]="true">
+                [innerHTML]="sanitizeCustomIntrotext(collection.customHomePageIntroText)">
             </ds-comcol-page-content>
 	    <!-- Collection logo -->
             <ds-comcol-page-logo *ngIf="logoRD$"
@@ -46,13 +44,11 @@
         <footer *ngIf="(collection.copyrightText || collection.customOwnerNameText || collection.customFooterText)" class="border-top my-5 pt-4">
           <!-- owner name -->
           <ds-comcol-page-content
-              [content]="collection.customOwnerNameText"
-	      [hasInnerHtml]="true">
+              [innerHTML]="sanitizeOwnerNameText(collection.customOwnerNameText)">
           </ds-comcol-page-content>
 	  <!-- footer -->
           <ds-comcol-page-content
-              [content]="collection.customFooterText"
-	      [hasInnerHtml]="true">
+              [innerHTML]="sanitizeCustomFootertext(collection.customFooterText)">
           </ds-comcol-page-content>
           <!-- Copyright -->
           <ds-comcol-page-content

diff --git a/src/app/collection-page/collection-home/collection-home-page.component.ts b/src/app/collection-page/collection-home/collection-home-page.component.ts
@@ -6,7 +6,11 @@ import {
   ChangeDetectionStrategy,
   Component,
   OnInit,
+  SecurityContext,
 } from '@angular/core';
+import {
+  DomSanitizer,
+} from '@angular/platform-browser';
 import {
   ActivatedRoute,
   Router,
@@ -103,6 +107,7 @@ export class CollectionHomePageComponent implements OnInit {
     protected authService: AuthService,
     protected authorizationDataService: AuthorizationDataService,
     public dsoNameService: DSONameService,
+    protected sanitizer: DomSanitizer,
   ) {
   }
 
@@ -129,5 +134,16 @@ export class CollectionHomePageComponent implements OnInit {
     return isNotEmpty(object);
   }
 
-
+  public sanitizeCustomHeaderText(value) {
+    return this.sanitizer.sanitize(SecurityContext.HTML, value);
+  }
+  public sanitizeCustomIntrotext(value) {
+    return this.sanitizer.sanitize(SecurityContext.HTML, value);
+  }
+  public sanitizeOwnerNameText(value) {
+    return this.sanitizer.sanitize(SecurityContext.HTML, value);
+  }
+  public sanitizeCustomFootertext(value) {
+    return this.sanitizer.sanitize(SecurityContext.HTML, value);
+  }
 }