
Commit e7195f8

committed
Merge branch '2.3' of ezsystems/ezplatform-admin-ui into 4.6
2 parents 03ee5c9 + acaa620 commit e7195f8


5 files changed

+43
-10
lines changed


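--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -16,7 +16,7 @@ jobs:
 php:
 - '8.0'
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 
 - name: Setup PHP Action
 uses: shivammathur/setup-php@v2
@@ -26,7 +26,7 @@ jobs:
 extensions: 'pdo_sqlite, gd'
 tools: cs2pr
 
-- uses: ramsey/composer-install@v2
+- uses: "ramsey/composer-install@v3"
 with:
 dependency-versions: "highest"
 
@@ -47,7 +47,7 @@ jobs:
 - '8.1'
 
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 
 - name: Setup PHP Action
 uses: shivammathur/setup-php@v2
@@ -57,7 +57,7 @@ jobs:
 extensions: pdo_sqlite, gd
 tools: cs2pr
 
-- uses: ramsey/composer-install@v2
+- uses: "ramsey/composer-install@v3"
 with:
 dependency-versions: "highest"
 composer-options: "--prefer-dist --no-progress"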

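--- a/src/bundle/Resources/public/js/scripts/admin.search.filters.js
+++ b/src/bundle/Resources/public/js/scripts/admin.search.filters.js
@@ -1,4 +1,6 @@
 (function (global, doc, ibexa, flatpickr, React, ReactDOM) {
+const { escapeHTML, escapeHTMLAttribute } = ibexa.helpers.text;
+const { dangerouslySetInnerHTML } = ibexa.helpers.dom;
 let getUsersTimeout;
 const CLASS_DATE_RANGE = 'ibexa-filters__range-wrapper';
 const CLASS_VISIBLE_DATE_RANGE = 'ibexa-filters__range-wrapper--visible';
@@ -118,11 +120,11 @@
 };
 const filterByContentType = () => {
 const selectedCheckboxes = [...contentTypeCheckboxes].filter((checkbox) => checkbox.checked);
-const contentTypesText = selectedCheckboxes.map((checkbox) => checkbox.dataset.name).join(', ');
+const contentTypesText = selectedCheckboxes.map((checkbox) => escapeHTML(checkbox.dataset.name)).join(', ');
 const [option] = contentTypeSelect;
 const defaultText = option.dataset.default;
 
-option.innerHTML = contentTypesText || defaultText;
+dangerouslySetInnerHTML(option, contentTypesText || defaultText);
 
 toggleDisabledStateOnApplyBtn();
 };
@@ -186,14 +188,17 @@
 .then(showUsersList);
 };
 const createUsersListItem = (user) => {
-return `<li data-id="${user._id}" data-name="${user.TranslatedName}" class="ibexa-filters__user-item">${user.TranslatedName}</li>`;
+const userNameHtmlEscaped = escapeHTML(user.TranslatedName);
+const userNameHtmlAttributeEscaped = escapeHTMLAttribute(user.TranslatedName);
+
+return `<li data-id="${user._id}" data-name="${userNameHtmlAttributeEscaped}" class="ibexa-filters__user-item">${userNameHtmlEscaped}</li>`;
 };
 const showUsersList = (data) => {
 const hits = data.View.Result.searchHits.searchHit;
 const users = hits.reduce((total, hit) => total + createUsersListItem(hit.value.Content), '');
 const methodName = users ? 'addEventListener' : 'removeEventListener';
 
-usersList.innerHTML = users;
+dangerouslySetInnerHTML(usersList, users);
 usersList.classList.remove('ibexa-filters__user-list--hidden');
 
 doc.querySelector('body')[methodName]('click', handleClickOutsideUserList, false);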
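Review bot: Two values still reach `dangerouslySetInnerHTML` without escaping. In `createUsersListItem`, `user._id` is interpolated into `data-id="${user._id}"` as-is while the name beside it is escaped; it is presumably a server-generated numeric id, but it comes from the same response object, so `data-id="${escapeHTMLAttribute(user._id)}"` would keep the template uniformly escaped. In `filterByContentType`, the fallback `defaultText` read from `option.dataset.default` is parsed as HTML; unless that default is meant to carry markup, `dangerouslySetInnerHTML(option, contentTypesText || escapeHTML(defaultText));` closes the gap. The same unescaped `data-id` interpolation appears in `createUsersListItem` in admin.trash.list.js. `showUsersList` continues past the end of the last hunk.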

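--- a/src/bundle/Resources/public/js/scripts/admin.trash.list.js
+++ b/src/bundle/Resources/public/js/scripts/admin.trash.list.js
@@ -1,4 +1,6 @@
 (function (global, doc, ibexa, React, ReactDOM, Translator) {
+const { escapeHTML, escapeHTMLAttribute } = ibexa.helpers.text;
+const { dangerouslySetInnerHTML } = ibexa.helpers.dom;
 let getUsersTimeout;
 const CLASS_SORTED_ASC = 'ibexa-table__sort-column--asc';
 const CLASS_SORTED_DESC = 'ibexa-table__sort-column--desc';
@@ -150,14 +152,17 @@
 .catch(() => ibexa.helpers.notification.showErrorNotification(errorMessage));
 };
 const createUsersListItem = (user) => {
-return `<li data-id="${user._id}" data-name="${user.TranslatedName}" class="ibexa-trash-search-form__user-item">${user.TranslatedName}</li>`;
+const userNameHtmlEscaped = escapeHTML(user.TranslatedName);
+const userNameHtmlAttributeEscaped = escapeHTMLAttribute(user.TranslatedName);
+
+return `<li data-id="${user._id}" data-name="${userNameHtmlAttributeEscaped}" class="ibexa-trash-search-form__user-item">${userNameHtmlEscaped}</li>`;
 };
 const showUsersList = (data) => {
 const hits = data.View.Result.searchHits.searchHit;
 const users = hits.reduce((total, hit) => total + createUsersListItem(hit.value.Content), '');
 const methodName = users ? 'addEventListener' : 'removeEventListener';
 
-usersList.innerHTML = users;
+dangerouslySetInnerHTML(usersList, users);
 usersList.classList.remove('ibexa-trash-search-form__user-list--hidden');
 
 doc.querySelector('body')[methodName]('click', handleClickOutsideUserList, false);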

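--- a/src/bundle/Resources/public/js/scripts/helpers/config.loader.js
+++ b/src/bundle/Resources/public/js/scripts/helpers/config.loader.js
@@ -1,6 +1,7 @@
 import * as browser from './browser.helper';
 import * as contentType from './content.type.helper';
 import * as cookies from './cookies.helper';
+import * as dom from './dom.helper';
 import * as formError from './form.error.helper';
 import * as formValidation from './form.validation.helper';
 import * as highlight from './highlight.helper';
@@ -26,6 +27,7 @@ import * as user from './user.helper';
 ibexa.addConfig('helpers.browser', browser);
 ibexa.addConfig('helpers.contentType', contentType);
 ibexa.addConfig('helpers.cookies', cookies);
+ibexa.addConfig('helpers.dom', dom);
 ibexa.addConfig('helpers.formError', formError);
 ibexa.addConfig('helpers.formValidation', formValidation);
 ibexa.addConfig('helpers.highlight', highlight);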
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
import { escapeHTML } from './text.helper';
2+
3+
const safelySetInnerHTML = (node, text) => {
4+
node.innerHTML = escapeHTML(text);
5+
};
6+
7+
const dangerouslySetInnerHTML = (node, text) => {
8+
node.innerHTML = text;
9+
};
10+
11+
const dangerouslyInsertAdjacentHTML = (node, position, text) => {
12+
const escapedText = text;
13+
14+
node.insertAdjacentHTML(position, escapedText);
15+
};
16+
17+
const dangerouslyAppend = (node, nodeOrText) => {
18+
node.append(nodeOrText);
19+
};
20+
21+
export { safelySetInnerHTML, dangerouslySetInnerHTML, dangerouslyInsertAdjacentHTML, dangerouslyAppend };
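Review bot: In `dangerouslyInsertAdjacentHTML`, `const escapedText = text;` labels the value as escaped although nothing escapes it, which invites a later reader to treat the call as safe; drop the alias and call `node.insertAdjacentHTML(position, text);`. `dangerouslySetInnerHTML` and `dangerouslyInsertAdjacentHTML` pass their argument unchanged to an HTML-parsing sink, so each deserves a short JSDoc stating the caller's obligation, e.g. `/** Sets raw HTML; callers must escape every interpolated value first. */`. `safelySetInnerHTML` could assign `node.textContent = text;` instead, which should give the same result for plain text without going through the HTML parser. The file header for this section is missing from the page; the path is presumably helpers/dom.helper.js, going by the import added in config.loader.js.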
