Escape angle brackets in highlightField #1012
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- replace all '<' and '>' in the plain text with '<' and '>' before providing highlight to the snippets J=SLAP-1703 TEST=manual update bryan's entity description to include script tags, search for 'where is joe exotic' and see that the script tags appear. (without the replacement, they do not appear)
cea2aj
reviewed
Nov 29, 2021
tmeyer2115
reviewed
Nov 29, 2021
oshi97
reviewed
Nov 29, 2021
oshi97
reviewed
Nov 29, 2021
static/js/formatters-internal.js
Outdated
| @@ -540,20 +541,20 @@ export function priceRange(defaultPriceRange, countryCode) { | |||
| * highlight. | |||
| */ | |||
| export function highlightField(fieldValue, matchedSubstrings = []) { | |||
| let highlightedString = fieldValue; | |||
| let highlightedString = ''; | |||
|
|
|||
| // We must first sort the matchedSubstrings by decreasing offset. | |||
There was a problem hiding this comment.
This comment is out of date now that we are sorting by ascending offset
There was a problem hiding this comment.
could we get some unit tests as well? specifically for cases with multiple highlighted substrings, since those are a little tricky, as well as the actual escaping
added 2 commits
November 29, 2021 13:03
cea2aj
approved these changes
Nov 29, 2021
Merged
tmeyer2115
added a commit
that referenced
this pull request
Dec 14, 2021
### Features - Consumer Authentication support was added for the Sandbox environment. (#996) - The existing `image` formatter was updated to support photos sent from the Streams API. (#998) - Support for Direct Answers on Vertical was added to the `vertical-standard` template. It is commented out by default. (#994) ### Changes - To better support Consumer Authentication, the `AnswersExperience.init()` method can be called on `Document` load. (#995) - The default `universalLimit` for all Vertical page configs was updated to 4. (#1010, #1021) ### Bugfixes - Ensured that in all page templates, the `SpellCheck` appears above the `ResultsCount`. (#1011, #1017) - In the `highlightedField` formatter, any HTML tag that appears in the text, that is not `<mark>` or `</mark>`, is now escaped. (#1012) - Font pre-loads on Multi-lang sites now work correctly. (#1018) - A new CSS variable was added: `--yxt-filter-options-option-label-line-height`. This variable, when kept in proper proportion to `--yxt-filters-and-sorts-font-size`, will ensure the scroll bar does not erroneously appear for filter options. (#1015, #1019)
Merged
tmeyer2115
added a commit
that referenced
this pull request
Jan 11, 2022
### Features - Consumer Authentication support was added for the Sandbox environment. (#996) - The existing `image` formatter was updated to support photos sent from the Streams API. (#998) - Support for Direct Answers on Vertical was added to the `vertical-standard` template. It is commented out by default. (#994) ### Changes - To better support Consumer Authentication, the `AnswersExperience.init()` method can be called on `Document` load. (#995) - The default `universalLimit` for all Vertical page configs was updated to 4. (#1010, #1021) ### Bugfixes - Ensured that in all page templates, the `SpellCheck` appears above the `ResultsCount`. (#1011, #1017) - In the `highlightedField` formatter, any HTML tag that appears in the text, that is not `<mark>` or `</mark>`, is now escaped. (#1012) - Font pre-loads on Multi-lang sites now work correctly. (#1018) - A new CSS variable was added: `--yxt-filter-options-option-label-line-height`. This variable, when kept in proper proportion to `--yxt-filters-and-sorts-font-size`, will ensure the scroll bar does not erroneously appear for filter options. (#1015, #1019)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
substris deprecated, replaced withsubstringJ=SLAP-1703
TEST=manual & auto
update bryan's entity description to include script tags, search for 'where is joe exotic' and see that the script tags appear. (without the replacement, they do not appear)
see added jest tests passed