Cherry pick PR#50802 into trunk (#50811)

Jorge A. Torres 2024-08-20 20:44:48 -03:00 committed by GitHub
parent 28ce18e13a
commit 749adf304d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 27 additions and 3 deletions


@ -102,4 +102,20 @@ describe( 'currency.formatDecimalString', () => {
// @ts-expect-error formatAccount expects a number or string;
expect( currency.formatDecimalString( null ) ).toBe( '' );
} );
it( 'should strip tags in getPriceFormat', () => {
const currency = Currency();
expect(
currency.getPriceFormat( {
priceFormat: '<b>tag</b>format',
} )
).toBe( 'tagformat' );
expect(
currency.getPriceFormat( {
priceFormat: '<script>tag</script>format',
} )
).toBe( 'format' );
} );
} );
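Review bot: The new test only feeds well-formed, closed tags, so it never exercises the two behaviours that separate the new `stripTags` from a single-pass strip: the `$` alternatives that swallow an unterminated tag or comment, and the re-run when a pass changes the string. I would add constructed cases such as `expect( currency.getPriceFormat( { priceFormat: '<<b>b>format' } ) ).toBe( 'format' );` and `expect( currency.getPriceFormat( { priceFormat: 'format<b' } ) ).toBe( 'format' );`. The expected values assume `getPriceFormat` returns the stripped string unchanged, as the two existing assertions suggest; its body is not visible here. The `it` also appears to sit inside `describe( 'currency.formatDecimalString', … )`, so a `describe` of its own for `getPriceFormat` would keep failures easy to locate.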


@ -66,9 +66,17 @@ const CurrencyFactoryBase = function ( currencySetting?: CurrencyConfig ) {
let currency: Currency;
function stripTags( str: string ) {
const tmp = document.createElement( 'DIV' );
tmp.innerHTML = str;
return tmp.textContent || tmp.innerText || '';
// sanitize Polyfill - see https://github.com/WordPress/WordPress/blob/master/wp-includes/js/wp-sanitize.js
const strippedStr = str
.replace( /<!--[\s\S]*?(-->|$)/g, '' )
.replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/gi, '' )
.replace( /<\/?[a-z][\s\S]*?(>|$)/gi, '' );
if ( strippedStr !== str ) {
return stripTags( strippedStr );
}
return strippedStr;
}
/**
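Review bot: `stripTags` calls itself until the string stops changing, so call depth grows with the number of nested fragments in `str`; a loop reaches the same fixed point with constant stack use and is the safer shape if the price format can ever be long or untrusted. Separately, the removed `textContent` path decoded entities, while the regex chain leaves `&amp;` or `&nbsp;` literal and keeps any `<` not followed by a letter, so the result is tag-stripped text rather than escaped output. I would say so above the function, e.g. `// Removes comments, script/style blocks and tags; does not decode or escape entities, so callers must still encode for the output context.` Whether any caller passes an entity-encoded format is not visible in this hunk and is worth confirming before merge.

```typescript
function stripTags( str: string ) {
	let current = str;
	let previous: string;
	do {
		previous = current;
		// … unchanged: the three .replace() calls, applied to `previous` and assigned to `current` …
	} while ( current !== previous );
	return current;
}
```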