Creates htmlSanitizer admin Vue plugin to unifiy sanitization logic on js side.

2023-11-20 10:41:06 -03:00 · 2023-11-20 10:41:06 -03:00 · edbd91b88d
parent ff12ea619f
commit edbd91b88d
4 changed files with 27 additions and 6 deletions
--- a/src/views/admin/components/lists/terms-list-hierarchical.vue
+++ b/src/views/admin/components/lists/terms-list-hierarchical.vue
@ -751,7 +751,7 @@ export default {
                            let errorMessage = errors.length > 1 ? this.$i18n.getWithVariables('info_terms_creation_failed_due_to_values_%s', [ wrongValues ]) : this.$i18n.getWithVariables('info_terms_creation_failed_due_to_value_%s', [ wrongValues ]); 
                            errorMessage += ' ' + errors[0]['errors'][0]['name'];
                            this.$buefy.snackbar.open({
-                                message: errorMessage.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;'),
+                                message: this.$htmlSanitizer.sanitize(errorMessage),
                                type: 'is-danger',
                                position: 'is-bottom-right',
                                pauseOnHover: true,
--- a/src/views/admin/js/admin-main.js
+++ b/src/views/admin/js/admin-main.js
@ -82,7 +82,8 @@ import {
    UserCapabilitiesPlugin,
    StatusHelperPlugin,
    CommentsStatusHelperPlugin,
-    AdminOptionsHelperPlugin 
+    AdminOptionsHelperPlugin,
+    HtmlSanitizerPlugin 
 } from './admin-utilities';
 import { 
    ThumbnailHelperPlugin,
@ -175,6 +176,7 @@ export default (element) => {
            Vue.use(ThumbnailHelperPlugin);
            Vue.use(OrderByHelperPlugin);
            Vue.use(StatusHelperPlugin);
+            Vue.use(HtmlSanitizerPlugin);
            Vue.use(ConsolePlugin, {visual: false});
            Vue.use(VueTheMask);
            Vue.use(CommentsStatusHelperPlugin);
--- a/src/views/admin/js/admin-utilities.js
+++ b/src/views/admin/js/admin-utilities.js
@ -7,6 +7,21 @@ const wpApi = axios.create({

 wpApi.defaults.headers.common['X-WP-Nonce'] = tainacan_plugin.nonce;

+const tainacanSanitize = function(htmlString) {
+    return htmlString.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;')
+}
+
+// HTML SANITIZE PLUGIN - Helps sanitizing html string from javascript.
+export const HtmlSanitizerPlugin = {};
+HtmlSanitizerPlugin.install = function (Vue, options = {}) {
+    
+    Vue.prototype.$htmlSanitizer = {
+        sanitize(htmlString) {
+            return tainacanSanitize(htmlString);
+        }
+    }
+};
+
 // CONSOLE PLUGIN - Allows custom use of console functions and avoids eslint warnings.
 export const ConsolePlugin = {};
 ConsolePlugin.install = function (Vue, options = { visual: false }) {
@ -15,7 +30,7 @@ ConsolePlugin.install = function (Vue, options = { visual: false }) {
        log(something) {
            if (options.visual) {
                Vue.prototype.$buefy.snackbar.open({
-                    message: something.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;'),
+                    message: htmlString(something),
                    type: 'is-secondary',
                    position: 'is-bottom-right',
                    indefinite: true,
@ -28,7 +43,7 @@ ConsolePlugin.install = function (Vue, options = { visual: false }) {
        info(someInfo) {
            if (options.visual) {
                Vue.prototype.$buefy.snackbar.open({
-                    message: someInfo.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;'),
+                    message: tainacanSanitize(someInfo),
                    type: 'is-primary',
                    position: 'is-bottom-right',
                    duration: 5000,
@ -41,7 +56,7 @@ ConsolePlugin.install = function (Vue, options = { visual: false }) {
        error(someError) {
            if (options.visual) {
                Vue.prototype.$buefy.snackbar.open({
-                    message: someError.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;'),
+                    message: tainacanSanitize(someError),
                    type: 'is-danger',
                    position: 'is-bottom-right',
                    indefinite: true,
--- a/src/views/admin/js/axios.js
+++ b/src/views/admin/js/axios.js
@ -9,6 +9,10 @@ const i18nGet = function (key) {
    return (string !== undefined && string !== null && string !== '' ) ? string : "ERROR: Invalid i18n key!";
 };

+const tainacanSanitize = function(htmlString) {
+    return htmlString.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;')
+}
+
 export const tainacanErrorHandler = function(error) {
    if (error.response && error.response.status) {
        // The request was made and the server responded with a status code
@ -37,7 +41,7 @@ export const tainacanErrorHandler = function(error) {
                    break;
            }
            Snackbar.open({
-                message: errorMessage.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;'),
+                message: tainacanSanitize(errorMessage),
                type: 'is-danger',
                duration: duration,
                actionText: errorMessageDetail != '' ? i18nGet('label_know_more') : null,