ucap/next-ucap-messenger
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

script injection is modified

Browse Source
This commit is contained in:
richard-loafle 2020-02-10 15:37:02 +09:00
parent b095cc60f6
commit 1f64a4d428
7 changed files with 26 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
projects/ucap-webmessenger-app/src/app/layouts/messenger/components/messages.component.ts
View File

@ -691,7 +691,7 @@ export class MessagesComponent implements OnInit, OnDestroy, AfterViewInit {
req: { req: {
roomSeq: this.roomInfoSubject.value.roomSeq, roomSeq: this.roomInfoSubject.value.roomSeq,
eventType: EventType.Character, eventType: EventType.Character,
sentMessage: StringUtil.escapeHtml(message) sentMessage: message
} }
}) })
); );
@ -726,7 +726,7 @@ export class MessagesComponent implements OnInit, OnDestroy, AfterViewInit {
const stickerJson: StickerEventJson = { const stickerJson: StickerEventJson = {
name: '스티커', name: '스티커',
file: this.selectedSticker.index, file: this.selectedSticker.index,
chat: !!message ? StringUtil.escapeHtml(message.trim()) : '' chat: !!message ? message.trim() : ''
}; };
this.store.dispatch( this.store.dispatch(
EventStore.send({ EventStore.send({
@ -751,7 +751,7 @@ export class MessagesComponent implements OnInit, OnDestroy, AfterViewInit {
roomSeq: this.roomInfoSubject.value.roomSeq, roomSeq: this.roomInfoSubject.value.roomSeq,
eventType: EventType.MassText, eventType: EventType.MassText,
// sentMessage: message.replace(/\n/gi, '\r\n') // sentMessage: message.replace(/\n/gi, '\r\n')
sentMessage: StringUtil.escapeHtml(message) sentMessage: message
} }
}) })
); );
@ -759,7 +759,7 @@ export class MessagesComponent implements OnInit, OnDestroy, AfterViewInit {
/** Send Translation message */ /** Send Translation message */
sendMessageOfTranslate(message: string) { sendMessageOfTranslate(message: string) {
const destLocale = this.destLocale; const destLocale = this.destLocale;
const original = StringUtil.escapeHtml(message); const original = message;
const roomSeq = this.roomInfoSubject.value.roomSeq; const roomSeq = this.roomInfoSubject.value.roomSeq;
if (!!this.isTranslationProcess) { if (!!this.isTranslationProcess) {

7
projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass-translation.component.html
View File

@ -2,7 +2,7 @@
<div <div
*ngIf="!translationSimpleview || (!!translationSimpleview && !!isMe)" *ngIf="!translationSimpleview || (!!translationSimpleview && !!isMe)"
class="original" class="original"
[innerHTML]="message.sentMessageJson.original | linky" [innerHTML]="message.sentMessageJson.original | linky | ucapSafeHtml"
(contextmenu)="onContextMenuMessage($event, 'original')" (contextmenu)="onContextMenuMessage($event, 'original')"
></div> ></div>
<div <div
@ -11,7 +11,10 @@
(contextmenu)="onContextMenuMessage($event, 'translation')" (contextmenu)="onContextMenuMessage($event, 'translation')"
> >
<span class="language">{{ message.sentMessageJson.destLocale }}</span> <span class="language">{{ message.sentMessageJson.destLocale }}</span>
<span [innerHTML]="message.sentMessageJson.translation | linky"> </span> <span
[innerHTML]="message.sentMessageJson.translation | linky | ucapSafeHtml"
>
</span>
</div> </div>
<div class="btn-box"> <div class="btn-box">
<ul> <ul>

5
projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/mass.component.html
View File

@ -1,5 +1,8 @@
<div class="bubble-main"> <div class="bubble-main">
<span class="content" [innerHTML]="content | linefeedtohtml | linky"></span> <span
class="content"
[innerHTML]="content | linefeedtohtml | linky | ucapSafeHtml"
></span>
<span> <span>
{{ message.sendDate | ucapDate: 'YYYY.MM.DD a hh:mm' }} {{ message.sendDate | ucapDate: 'YYYY.MM.DD a hh:mm' }}
</span> </span>

5
projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/sticker.component.html
View File

@ -6,6 +6,9 @@
onerror="this.src='assets/sticker/sticker_default.png'" onerror="this.src='assets/sticker/sticker_default.png'"
/> />
</li> </li>
<li *ngIf="contents" [innerHTML]="contents | linefeedtohtml | linky"></li> <li
*ngIf="contents"
[innerHTML]="contents | linefeedtohtml | linky | ucapSafeHtml"
></li>
</ul> </ul>
</div> </div>

2
projects/ucap-webmessenger-ui-chat/src/lib/components/message-box/text.component.html
View File

@ -1,3 +1,3 @@
<div class="bubble-main"> <div class="bubble-main">
<span [innerHTML]="message.sentMessage | linky"></span> <span [innerHTML]="message.sentMessage | linky | ucapSafeHtml"></span>
</div> </div>

5
projects/ucap-webmessenger-ui-room/src/lib/components/list-item.component.html
View File

@ -69,7 +69,10 @@
<i class="mdi mid-18 mdi-bell-off-outline text-primary-light"></i> <i class="mdi mid-18 mdi-bell-off-outline text-primary-light"></i>
</div> </div>
</div> </div>
<div class="final-message" [innerHTML]="finalEventMessage"></div> <div
class="final-message"
[innerHTML]="finalEventMessage | ucapSafeHtml"
></div>
</div> </div>
<div class="date"> <div class="date">

5
projects/ucap-webmessenger-ui/src/lib/pipes/safe-html.pipe.ts
View File

@ -1,11 +1,14 @@
import { Pipe, PipeTransform } from '@angular/core'; import { Pipe, PipeTransform } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser'; import { DomSanitizer } from '@angular/platform-browser';
import { StringUtil } from '../utils/string.util';
@Pipe({ name: 'ucapSafeHtml' }) @Pipe({ name: 'ucapSafeHtml' })
export class SafeHtmlPipe implements PipeTransform { export class SafeHtmlPipe implements PipeTransform {
constructor(private domSanitizer: DomSanitizer) {} constructor(private domSanitizer: DomSanitizer) {}
public transform(value: string) { public transform(value: string) {
return this.domSanitizer.bypassSecurityTrustHtml(value); return this.domSanitizer.bypassSecurityTrustHtml(
StringUtil.escapeHtml(value)
);
} }
} }