From 4e9038519cb5c3be829ac00535865f0d8c3e041a Mon Sep 17 00:00:00 2001 From: Nevo David Date: Mon, 22 Sep 2025 00:34:45 +0700 Subject: [PATCH] feat: more esacpe --- .../src/utils/strip.html.validation.ts | 26 ++++++++++++++----- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/libraries/helpers/src/utils/strip.html.validation.ts b/libraries/helpers/src/utils/strip.html.validation.ts index 1ca17c13..682fbbc5 100644 --- a/libraries/helpers/src/utils/strip.html.validation.ts +++ b/libraries/helpers/src/utils/strip.html.validation.ts @@ -156,7 +156,13 @@ export const stripHtmlValidation = ( 'strong', 'u', 'a', - ]); + ]) + .replace(/>/gi, '>') + .replace(/</gi, '<') + .replace(/&/gi, '&') + .replace(/ /gi, ' ') + .replace(/"/gi, '"') + .replace(/'/gi, "'"); } if (type === 'markdown') { @@ -168,6 +174,8 @@ export const stripHtmlValidation = ( }) .replace(/&/gi, '&') .replace(/ /gi, ' ') + .replace(/"/gi, '"') + .replace(/'/gi, "'") .replace(/
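Review bot: In the first hunk (-156,7) the entity replaces are chained after `striptags(...)`, so they undo the tag allowlist: text that arrives as `&lt;…&gt;` passes the stripper as plain text and only afterwards becomes real angle brackets, in a string that still carries the allowed `strong`, `u` and `a` elements. (The page shows the patterns with their entities already decoded; this note assumes they are `&lt;`, `&gt;`, `&amp;`, `&nbsp;` and the two quote entities.) Decoding the quote entities has a similar effect inside a kept `a` tag, where an encoded quote in an attribute value becomes a real one. If this branch's result is ever rendered as HTML, keep the value escaped and end the chain at `])` with at most `.replace(/&nbsp;/gi, ' ')`; if it is only ever sent out as plain text, record that with a comment such as `// result is plain text for the provider API, never rendered as HTML`. The last return of the final hunk, `striptags(html, ['ul', 'li', 'h1', 'h2', 'h3'])` followed by the same two replaces, has the same problem, and the enclosing function starts and ends outside these hunks.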

([.\s\S]*?)<\/h2>/g, (match, p1) => { return `

## ${p1}

\n`; }) @@ -206,14 +214,14 @@ export const stripHtmlValidation = ( const html = (value || '') .replace(/&/gi, '&') .replace(/ /gi, ' ') + .replace(/"/gi, '"') + .replace(/'/gi, "'") .replace(/^]*>/i, '') .replace(/]*>/gi, '\n') - .replace(/<\/p>/gi, '') - .replace(/>/gi, '>') - .replace(/</gi, '<'); + .replace(/<\/p>/gi, ''); if (none) { - return striptags(html); + return striptags(html).replace(/>/gi, '>').replace(/</gi, '<'); } if (replaceBold) { @@ -235,11 +243,15 @@ export const stripHtmlValidation = ( convertMentionFunction ); - return striptags(processedHtml); + return striptags(processedHtml) + .replace(/>/gi, '>') + .replace(/</gi, '<'); } // Strip all other tags - return striptags(html, ['ul', 'li', 'h1', 'h2', 'h3']); + return striptags(html, ['ul', 'li', 'h1', 'h2', 'h3']) + .replace(/>/gi, '>') + .replace(/</gi, '<'); }; export const convertMention = (
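Review bot: In the hunk at -206,14 the `&amp;` replace still runs at the top of the chain while the `<`/`>` entities are now decoded after `striptags`, so a doubly encoded `&amp;lt;` is decoded twice and comes out as a literal `<` instead of the text `&lt;`. Decode in one pass with `&amp;` last, for example a helper `const decodeText = (s: string) => s.replace(/&lt;/gi, '<').replace(/&gt;/gi, '>').replace(/&amp;/gi, '&');` applied at each return, and drop the `&amp;` replace from the start of the chain. The same pair of replaces is now written out three times across this hunk and the next, which the helper would also remove. The patterns are read here as HTML entities because the page shows them already decoded, and the function body continues outside both hunks.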