Escape angle brackets in highlightField #1012
- replace all '<' and '>' in the plain text with '&lt;' and '&gt;' before providing highlight to the snippets

J=SLAP-1703
TEST=manual

update bryan's entity description to include script tags, search for 'where is joe exotic' and see that the script tags appear. (without the replacement, they do not appear)
static/js/formatters-internal.js
@@ -540,20 +541,20 @@ export function priceRange(defaultPriceRange, countryCode) { | |||
* highlight. | |||
*/ | |||
export function highlightField(fieldValue, matchedSubstrings = []) { | |||
let highlightedString = fieldValue; | |||
let highlightedString = ''; | |||
|
|||
// We must first sort the matchedSubstrings by decreasing offset. |
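Review bot: With `let highlightedString = '';` the result is now built up from an empty string, so the text after the last match, and the whole value when `matchedSubstrings` is the default `[]`, has to be appended explicitly or it is silently dropped; please confirm both paths return the escaped text and cover them with a test. Since the match offsets refer to the raw `fieldValue`, each slice should be escaped after slicing rather than escaping the whole string up front, otherwise the offsets no longer line up.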
This comment is out of date now that we are sorting by ascending offset
could we get some unit tests as well? specifically for cases with multiple highlighted substrings, since those are a little tricky, as well as the actual escaping
yup, just added!
### Features

- Consumer Authentication support was added for the Sandbox environment. (#996)
- The existing `image` formatter was updated to support photos sent from the Streams API. (#998)
- Support for Direct Answers on Vertical was added to the `vertical-standard` template. It is commented out by default. (#994)

### Changes

- To better support Consumer Authentication, the `AnswersExperience.init()` method can be called on `Document` load. (#995)
- The default `universalLimit` for all Vertical page configs was updated to 4. (#1010, #1021)

### Bugfixes

- Ensured that in all page templates, the `SpellCheck` appears above the `ResultsCount`. (#1011, #1017)
- In the `highlightedField` formatter, any HTML tag that appears in the text, that is not `<mark>` or `</mark>`, is now escaped. (#1012)
- Font pre-loads on Multi-lang sites now work correctly. (#1018)
- A new CSS variable was added: `--yxt-filter-options-option-label-line-height`. This variable, when kept in proper proportion to `--yxt-filters-and-sorts-font-size`, will ensure the scroll bar does not erroneously appear for filter options. (#1015, #1019)
`substr` is deprecated, replaced with `substring`
J=SLAP-1703
TEST=manual & auto
update bryan's entity description to include script tags, search for 'where is joe exotic' and see that the script tags appear. (without the replacement, they do not appear)
see added jest tests passed
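The escaping behaviour this pull request describes, as an added example that is not the project's own code: text is sliced by match offset, each slice is HTML-escaped, and only the `<mark>` wrappers are emitted as markup. The function names, the `{ offset, length }` match shape, and escaping `&` and quotes in addition to angle brackets are assumptions that go beyond what the page shows.

```javascript
// Added example, not the project's code. The { offset, length } shape of each
// match is an assumption; the page only shows that matches carry an offset.
function escapeHtml(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, ch => entities[ch]);
}

function highlightEscaped(fieldValue, matchedSubstrings = []) {
  const value = String(fieldValue);
  // Work on a sorted copy, ascending by offset, so output is built left to right.
  const matches = [...matchedSubstrings].sort((a, b) => a.offset - b.offset);
  let out = '';
  let cursor = 0;
  for (const { offset, length } of matches) {
    // Skip malformed or overlapping ranges rather than emitting broken markup.
    if (!Number.isInteger(offset) || !Number.isInteger(length)) continue;
    if (length <= 0 || offset < cursor || offset + length > value.length) continue;
    // Offsets refer to the raw string, so slice first and escape each piece after.
    out += escapeHtml(value.substring(cursor, offset));
    out += '<mark>' + escapeHtml(value.substring(offset, offset + length)) + '</mark>';
    cursor = offset + length;
  }
  // Trailing text after the last match (or the whole value when there are no matches).
  return out + escapeHtml(value.substring(cursor));
}

// Constructed sample input: a field value containing a script tag.
const sample = 'where is <script>x()</script> joe exotic';
const rendered = highlightEscaped(sample, [{ offset: 0, length: 5 }]);
```

The returned string is safe to assign as HTML because the only unescaped markup in it is the `<mark>` pair the function itself wrote.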