From 1f64a4d4284fd5478d67c57551503d3bf792e1c0 Mon Sep 17 00:00:00 2001
From: richard-loafle <44828666+richard-loafle@users.noreply.github.com>
Date: Mon, 10 Feb 2020 15:37:02 +0900
Subject: [PATCH] script injection is modified

---
 .../layouts/messenger/components/messages.component.ts    | 8 ++++----
 .../message-box/mass-translation.component.html           | 7 +++++--
 .../src/lib/components/message-box/mass.component.html    | 5 ++++-
 .../src/lib/components/message-box/sticker.component.html | 5 ++++-
 .../src/lib/components/message-box/text.component.html    | 2 +-
 .../src/lib/components/list-item.component.html           | 5 ++++-
 .../ucap-webmessenger-ui/src/lib/pipes/safe-html.pipe.ts  | 5 ++++-
 7 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/projects/ucap-webmessenger-app/src/app/layouts/messenger/components/messages.component.ts b/projects/ucap-webmessenger-app/src/app/layouts/messenger/components/messages.component.ts
index 116b2b97..c984696c 100644
--- a/projects/ucap-webmessenger-app/src/app/layouts/messenger/components/messages.component.ts
+++ b/projects/ucap-webmessenger-app/src/app/layouts/messenger/components/messages.component.ts
@@ -691,7 +691,7 @@ export class MessagesComponent implements OnInit, OnDestroy, AfterViewInit {
         req: {
           roomSeq: this.roomInfoSubject.value.roomSeq,
           eventType: EventType.Character,
-          sentMessage: StringUtil.escapeHtml(message)
+          sentMessage: message
         }
       })
     );
@@ -726,7 +726,7 @@ export class MessagesComponent implements OnInit, OnDestroy, AfterViewInit {
     const stickerJson: StickerEventJson = {
       name: '스티커',
       file: this.selectedSticker.index,
-      chat: !!message ? StringUtil.escapeHtml(message.trim()) : ''
+      chat: !!message ? message.trim() : ''
     };
     this.store.dispatch(
       EventStore.send({
@@ -751,7 +751,7 @@ export class MessagesComponent implements OnInit, OnDestroy, AfterViewInit {
           roomSeq: this.roomInfoSubject.value.roomSeq,
           eventType: EventType.MassText,
           // sentMessage: message.replace(/\n/gi, '\r\n')
-          sentMessage: StringUtil.escapeHtml(message)
+          sentMessage: message
         }
       })
     );
@@ -759,7 +759,7 @@ export class MessagesComponent implements OnInit, OnDestroy, AfterViewInit {
   /** Send Translation message */
   sendMessageOfTranslate(message: string) {
     const destLocale = this.destLocale;
-    const original = StringUtil.escapeHtml(message);
+    const original = message;
     const roomSeq = this.roomInfoSubject.value.roomSeq;
 
     if (!!this.isTranslationProcess) {
diff --git a/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass-translation.component.html b/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass-translation.component.html
index d25ddda8..ab676a00 100644
--- a/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass-translation.component.html
+++ b/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass-translation.component.html
@@ -2,7 +2,7 @@
   <div
     *ngIf="!translationSimpleview || (!!translationSimpleview && !!isMe)"
     class="original"
-    [innerHTML]="message.sentMessageJson.original | linky"
+    [innerHTML]="message.sentMessageJson.original | linky | ucapSafeHtml"
     (contextmenu)="onContextMenuMessage($event, 'original')"
   ></div>
   <div
@@ -11,7 +11,10 @@
     (contextmenu)="onContextMenuMessage($event, 'translation')"
   >
     <span class="language">{{ message.sentMessageJson.destLocale }}</span>
-    <span [innerHTML]="message.sentMessageJson.translation | linky"> </span>
+    <span
+      [innerHTML]="message.sentMessageJson.translation | linky | ucapSafeHtml"
+    >
+    </span>
   </div>
   <div class="btn-box">
     <ul>
diff --git a/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass.component.html b/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass.component.html
index da08adee..54a6eba0 100644
--- a/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass.component.html
+++ b/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass.component.html
@@ -1,5 +1,8 @@
 <div class="bubble-main">
-  <span class="content" [innerHTML]="content | linefeedtohtml | linky"></span>
+  <span
+    class="content"
+    [innerHTML]="content | linefeedtohtml | linky | ucapSafeHtml"
+  ></span>
   <span>
     {{ message.sendDate | ucapDate: 'YYYY.MM.DD a hh:mm' }}
   </span>
diff --git a/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/sticker.component.html b/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/sticker.component.html
index 2ba11f34..1e0dba11 100644
--- a/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/sticker.component.html
+++ b/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/sticker.component.html
@@ -6,6 +6,9 @@
         onerror="this.src='assets/sticker/sticker_default.png'"
       />
     </li>
-    <li *ngIf="contents" [innerHTML]="contents | linefeedtohtml | linky"></li>
+    <li
+      *ngIf="contents"
+      [innerHTML]="contents | linefeedtohtml | linky | ucapSafeHtml"
+    ></li>
   </ul>
 </div>
diff --git a/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/text.component.html b/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/text.component.html
index 3c2db106..e9f7a85f 100644
--- a/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/text.component.html
+++ b/projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/text.component.html
@@ -1,3 +1,3 @@
 <div class="bubble-main">
-  <span [innerHTML]="message.sentMessage | linky"></span>
+  <span [innerHTML]="message.sentMessage | linky | ucapSafeHtml"></span>
 </div>
diff --git a/projects/ucap-webmessenger-ui-room/src/lib/components/list-item.component.html b/projects/ucap-webmessenger-ui-room/src/lib/components/list-item.component.html
index c890fc26..d4d95963 100644
--- a/projects/ucap-webmessenger-ui-room/src/lib/components/list-item.component.html
+++ b/projects/ucap-webmessenger-ui-room/src/lib/components/list-item.component.html
@@ -69,7 +69,10 @@
             <i class="mdi mid-18 mdi-bell-off-outline text-primary-light"></i>
           </div>
         </div>
-        <div class="final-message" [innerHTML]="finalEventMessage"></div>
+        <div
+          class="final-message"
+          [innerHTML]="finalEventMessage | ucapSafeHtml"
+        ></div>
       </div>
 
       <div class="date">
diff --git a/projects/ucap-webmessenger-ui/src/lib/pipes/safe-html.pipe.ts b/projects/ucap-webmessenger-ui/src/lib/pipes/safe-html.pipe.ts
index 40237093..4b606a90 100644
--- a/projects/ucap-webmessenger-ui/src/lib/pipes/safe-html.pipe.ts
+++ b/projects/ucap-webmessenger-ui/src/lib/pipes/safe-html.pipe.ts
@@ -1,11 +1,14 @@
 import { Pipe, PipeTransform } from '@angular/core';
 import { DomSanitizer } from '@angular/platform-browser';
+import { StringUtil } from '../utils/string.util';
 
 @Pipe({ name: 'ucapSafeHtml' })
 export class SafeHtmlPipe implements PipeTransform {
   constructor(private domSanitizer: DomSanitizer) {}
 
   public transform(value: string) {
-    return this.domSanitizer.bypassSecurityTrustHtml(value);
+    return this.domSanitizer.bypassSecurityTrustHtml(
+      StringUtil.escapeHtml(value)
+    );
   }
 }