From 88441f5840ceddacf094218231cc7d61f9e758ed Mon Sep 17 00:00:00 2001
From: "sweep-ai[bot]" <128439645+sweep-ai[bot]@users.noreply.github.com>
Date: Sun, 18 Feb 2024 19:21:09 +0000
Subject: [PATCH 1/5] feat: Add sanitizeInput utility function to preven
---
 src/utils/sanitizeInput.js | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 src/utils/sanitizeInput.js
diff --git a/src/utils/sanitizeInput.js b/src/utils/sanitizeInput.js
new file mode 100644
index 00000000..8b95c270
--- /dev/null
+++ b/src/utils/sanitizeInput.js
@@ -0,0 +1,3 @@
+export function sanitizeInput(input) {
+ return input.replace(/<\/?[^>]+(>|$)/g, "");
+}
From 6dca10c77f0074f6b56b5b4b3a6415cdcfeeed50 Mon Sep 17 00:00:00 2001
From: "sweep-ai[bot]" <128439645+sweep-ai[bot]@users.noreply.github.com>
Date: Sun, 18 Feb 2024 19:22:19 +0000
Subject: [PATCH 2/5] feat: Updated src/components/common/EditableSpan.j
---
 src/components/common/EditableSpan.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/components/common/EditableSpan.js b/src/components/common/EditableSpan.js
index 533da1f5..dd7aac21 100644
--- a/src/components/common/EditableSpan.js
+++ b/src/components/common/EditableSpan.js
@@ -48,6 +48,7 @@ export default class EditableSpan extends PureComponent {
 let result = value;
 const nbsp = String.fromCharCode('160');
 while (result.indexOf(' ') !== -1) {
+import { sanitizeInput } from '../../utils/sanitizeInput';
 result = result.replace(' ', nbsp);
 }
 return result;
@@ -69,7 +70,7 @@ export default class EditableSpan extends PureComponent {
 if (this.props.hidden) return;
 if (this.text === val) return;
 // set text while retaining cursor position
- this.span.current.innerHTML = val;
+ this.span.current.innerHTML = sanitizeInput(val);
 }
 handleFocus = () => {
From e484411574f1fdac7299c06309936c7c6d8d8934 Mon Sep 17 00:00:00 2001
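Review bot: `sanitizeInput` is a tag stripper, not an escaper: the regex deletes everything from a `<` to the next `>` (or to end of string), so legitimate text such as `a < b` loses characters silently, and a non-string `input` (for example an undefined prop) makes `replace` throw. Because the return value is assigned to `innerHTML` in PATCH 2, escaping `&`, `<`, `>`, `"` and `'` would keep the user's text intact while still rendering it inert, and if the target only ever shows plain text the caller can assign `textContent` and this helper is not needed at all. At minimum add a guard, `if (typeof input !== 'string') return '';`, plus a JSDoc header that states the function removes markup rather than encoding it and documents what is returned for non-string input.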
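Review bot: The added `import { sanitizeInput } from '../../utils/sanitizeInput';` sits inside the body of the `while` loop, which is a syntax error, since `import` declarations are only valid at module top level, so `EditableSpan.js` does not parse at this commit. PATCH 3 adds the import at the top of the file and PATCH 4 deletes this copy, so the series ends in the right state, but squashing PATCH 2–4 would avoid a non-building intermediate commit. The enclosing method starts and ends outside the hunk.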
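Review bot: `this.span.current.innerHTML = sanitizeInput(val);` still has the browser parse `val` as HTML, so the protection rests entirely on the regex in `sanitizeInput`, and whatever survives it is interpreted as markup while any `<` in ordinary text is dropped. If the span is meant to display plain text, `this.span.current.textContent = val;` removes the HTML parse altogether and makes the sanitizer unnecessary; if markup really must be rendered, an escaping helper (not a stripping one) preserves the text. The comment above says the cursor position is retained — presumably via the `Caret` helper imported at the top of the file — so confirm that a `textContent` assignment still works with that code; the enclosing method starts outside the hunk.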
From: "sweep-ai[bot]" <128439645+sweep-ai[bot]@users.noreply.github.com>
Date: Sun, 18 Feb 2024 19:36:10 +0000
Subject: [PATCH 3/5] feat: Updated src/components/common/EditableSpan.j
---
 src/components/common/EditableSpan.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/components/common/EditableSpan.js b/src/components/common/EditableSpan.js
index dd7aac21..0880f5ba 100644
--- a/src/components/common/EditableSpan.js
+++ b/src/components/common/EditableSpan.js
@@ -2,6 +2,7 @@ import './css/editableSpan.css';
 import React, {PureComponent} from 'react';
 import _ from 'lodash';
 import Caret from '../../lib/caret';
+import { sanitizeInput } from '../../utils/sanitizeInput';
 export default class EditableSpan extends PureComponent {
 constructor() {
From b8ff5edb98bb0907ae5e1da2f13611076c3659d2 Mon Sep 17 00:00:00 2001
From: Steven Hao
Date: Mon, 19 Feb 2024 22:41:47 -0800
Subject: [PATCH 4/5] Update src/components/common/EditableSpan.js
---
 src/components/common/EditableSpan.js | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/components/common/EditableSpan.js b/src/components/common/EditableSpan.js
index 0880f5ba..b31fcdff 100644
--- a/src/components/common/EditableSpan.js
+++ b/src/components/common/EditableSpan.js
@@ -49,7 +49,6 @@ export default class EditableSpan extends PureComponent {
 let result = value;
 const nbsp = String.fromCharCode('160');
 while (result.indexOf(' ') !== -1) {
-import { sanitizeInput } from '../../utils/sanitizeInput';
 result = result.replace(' ', nbsp);
 }
 return result;
From 114e92ddd68f251355fbb29bc07dfce3486b2e8c Mon Sep 17 00:00:00 2001
From: "sweep-ai[bot]" <128439645+sweep-ai[bot]@users.noreply.github.com>
Date: Tue, 20 Feb 2024 06:42:14 +0000
Subject: [PATCH 5/5] feat: Updated src/components/common/EditableSpan.j
---
 src/components/common/EditableSpan.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
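Review bot: The import is placed correctly here, but at this commit the misplaced copy inside the `while` loop (added in PATCH 2 and only removed in PATCH 4) is still present, so the file still does not parse after this patch alone; squashing PATCH 2–4 would give a series in which every commit builds. On style, the new line uses spaces inside the braces while the existing `import React, {PureComponent} from 'react';` does not, so `import {sanitizeInput} from '../../utils/sanitizeInput';` would keep the import block consistent.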
diff --git a/src/components/common/EditableSpan.js b/src/components/common/EditableSpan.js
index b31fcdff..d27cd19c 100644
--- a/src/components/common/EditableSpan.js
+++ b/src/components/common/EditableSpan.js
@@ -49,7 +49,7 @@ export default class EditableSpan extends PureComponent {
 let result = value;
 const nbsp = String.fromCharCode('160');
 while (result.indexOf(' ') !== -1) {
- result = result.replace(' ', nbsp);
+ result = result.replaceAll(' ', nbsp);
 }
 return result;
 }
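Review bot: With `replaceAll`, the `while (result.indexOf(' ') !== -1)` loop is dead scaffolding: the first iteration removes every space, so the body runs at most once and the condition is re-checked for nothing. The method (its signature is outside the hunk) can collapse to `const nbsp = String.fromCharCode('160');` followed by `return value.replaceAll(' ', nbsp);`, dropping `result` entirely. `String.prototype.replaceAll` is ES2021; presumably the project's build target covers it, but confirm against the browserslist/polyfill setup, since `value.replace(/ /g, nbsp)` is the drop-in equivalent for older targets.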