script injection is modified

2020-02-10 15:37:02 +09:00 · 2020-02-10 15:37:02 +09:00 · 1f64a4d428
commit 1f64a4d428
parent b095cc60f6
7 changed files with 26 additions and 11 deletions
--- a/projects/ucap-webmessenger-app/src/app/layouts/messenger/components/messages.component.ts
+++ b/projects/ucap-webmessenger-app/src/app/layouts/messenger/components/messages.component.ts
@ -691,7 +691,7 @@ export class MessagesComponent implements OnInit, OnDestroy, AfterViewInit {
        req: {
          roomSeq: this.roomInfoSubject.value.roomSeq,
          eventType: EventType.Character,
-          sentMessage: StringUtil.escapeHtml(message)
+          sentMessage: message
        }
      })
    );
@ -726,7 +726,7 @@ export class MessagesComponent implements OnInit, OnDestroy, AfterViewInit {
    const stickerJson: StickerEventJson = {
      name: '스티커',
      file: this.selectedSticker.index,
-      chat: !!message ? StringUtil.escapeHtml(message.trim()) : ''
+      chat: !!message ? message.trim() : ''
    };
    this.store.dispatch(
      EventStore.send({
@ -751,7 +751,7 @@ export class MessagesComponent implements OnInit, OnDestroy, AfterViewInit {
          roomSeq: this.roomInfoSubject.value.roomSeq,
          eventType: EventType.MassText,
          // sentMessage: message.replace(/\n/gi, '\r\n')
-          sentMessage: StringUtil.escapeHtml(message)
+          sentMessage: message
        }
      })
    );
@ -759,7 +759,7 @@ export class MessagesComponent implements OnInit, OnDestroy, AfterViewInit {
  /** Send Translation message */
  sendMessageOfTranslate(message: string) {
    const destLocale = this.destLocale;
-    const original = StringUtil.escapeHtml(message);
+    const original = message;
    const roomSeq = this.roomInfoSubject.value.roomSeq;

    if (!!this.isTranslationProcess) {
--- a/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass-translation.component.html
+++ b/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass-translation.component.html
@ -2,7 +2,7 @@
  <div
    *ngIf="!translationSimpleview || (!!translationSimpleview && !!isMe)"
    class="original"
-    [innerHTML]="message.sentMessageJson.original | linky"
+    [innerHTML]="message.sentMessageJson.original | linky | ucapSafeHtml"
    (contextmenu)="onContextMenuMessage($event, 'original')"
  ></div>
  <div
@ -11,7 +11,10 @@
    (contextmenu)="onContextMenuMessage($event, 'translation')"
  >
    <span class="language">{{ message.sentMessageJson.destLocale }}</span>
-    <span [innerHTML]="message.sentMessageJson.translation | linky"> </span>
+    <span
+      [innerHTML]="message.sentMessageJson.translation | linky | ucapSafeHtml"
+    >
+    </span>
  </div>
  <div class="btn-box">
    <ul>
--- a/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass.component.html
+++ b/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass.component.html
@ -1,5 +1,8 @@
 <div class="bubble-main">
-  <span class="content" [innerHTML]="content | linefeedtohtml | linky"></span>
+  <span
+    class="content"
+    [innerHTML]="content | linefeedtohtml | linky | ucapSafeHtml"
+  ></span>
  <span>
    {{ message.sendDate | ucapDate: 'YYYY.MM.DD a hh:mm' }}
  </span>
--- a/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/sticker.component.html
+++ b/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/sticker.component.html
@ -6,6 +6,9 @@
        onerror="this.src='assets/sticker/sticker_default.png'"
      />
    </li>
-    <li *ngIf="contents" [innerHTML]="contents | linefeedtohtml | linky"></li>
+    <li
+      *ngIf="contents"
+      [innerHTML]="contents | linefeedtohtml | linky | ucapSafeHtml"
+    ></li>
  </ul>
 </div>
--- a/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/text.component.html
+++ b/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/text.component.html
@ -1,3 +1,3 @@
 <div class="bubble-main">
-  <span [innerHTML]="message.sentMessage | linky"></span>
+  <span [innerHTML]="message.sentMessage | linky | ucapSafeHtml"></span>
 </div>
--- a/projects/ucap-webmessenger-ui-room/src/lib/components/list-item.component.html
+++ b/projects/ucap-webmessenger-ui-room/src/lib/components/list-item.component.html
@ -69,7 +69,10 @@
            <i class="mdi mid-18 mdi-bell-off-outline text-primary-light"></i>
          </div>
        </div>
-        <div class="final-message" [innerHTML]="finalEventMessage"></div>
+        <div
+          class="final-message"
+          [innerHTML]="finalEventMessage | ucapSafeHtml"
+        ></div>
      </div>

      <div class="date">
--- a/projects/ucap-webmessenger-ui/src/lib/pipes/safe-html.pipe.ts
+++ b/projects/ucap-webmessenger-ui/src/lib/pipes/safe-html.pipe.ts
@ -1,11 +1,14 @@
 import { Pipe, PipeTransform } from '@angular/core';
 import { DomSanitizer } from '@angular/platform-browser';
+import { StringUtil } from '../utils/string.util';

@Pipe({ name: 'ucapSafeHtml' })
 export class SafeHtmlPipe implements PipeTransform {
  constructor(private domSanitizer: DomSanitizer) {}

  public transform(value: string) {
-    return this.domSanitizer.bypassSecurityTrustHtml(value);
+    return this.domSanitizer.bypassSecurityTrustHtml(
+      StringUtil.escapeHtml(value)
+    );
  }
 }