Skip to content

Commit

Permalink
Merge pull request #5497 from formio/revert-5418-FIO-7544-html-saniti…
Browse files Browse the repository at this point in the history
…zation-issue

Revert "FIO-7544: Fixes an issue where scripts inside HTML component will be executed during interpolation"
  • Loading branch information
edwinanciani authored Feb 1, 2024
2 parents f682516 + 94a5edd commit 1ab3539
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 56 deletions.
14 changes: 6 additions & 8 deletions src/components/html/HTML.js
Original file line number Diff line number Diff line change
Expand Up @@ -45,15 +45,13 @@ export default class HTMLComponent extends Component {
}

const submission = _.get(this.root, 'submission', {});
const content = this.component.content ? this.interpolate(
this.sanitize(this.component.content, this.shouldSanitizeValue),
{
metadata: submission.metadata || {},
submission: submission,
data: this.rootValue,
row: this.data
const content = this.component.content ? this.interpolate(this.component.content, {
metadata: submission.metadata || {},
submission: submission,
data: this.rootValue,
row: this.data
}) : '';
return content;
return this.sanitize(content, this.shouldSanitizeValue);
}

get singleTags() {
Expand Down
18 changes: 1 addition & 17 deletions src/components/html/HTML.unit.js
Original file line number Diff line number Diff line change
@@ -1,13 +1,11 @@
import Webform from '../../Webform';
import Harness from '../../../test/harness';
import HTMLComponent from './HTML';
import sinon from 'sinon';
import assert from 'power-assert';

import {
comp1,
comp2,
comp3,
comp2
} from './fixtures';

describe('HTML Component', () => {
Expand All @@ -32,18 +30,4 @@ describe('HTML Component', () => {
assert.equal(emit.callCount, 0);
});
});

it('Should not execute scripts inside HTML component', (done) => {
const formElement = document.createElement('div');
const form = new Webform(formElement);

const alert = sinon.spy(window, 'alert');
form.setForm(comp3).then(() => {
setTimeout(() => {
assert.equal(alert.callCount, 0);
done();
}, 200);
})
.catch(done);
});
});
29 changes: 0 additions & 29 deletions src/components/html/fixtures/comp3.js

This file was deleted.

3 changes: 1 addition & 2 deletions src/components/html/fixtures/index.js
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
import comp1 from './comp1';
import comp2 from './comp2';
import comp3 from './comp3';
export { comp1, comp2, comp3 };
export { comp1, comp2 };

0 comments on commit 1ab3539

Please sign in to comment.