Skip to content

Commit

Permalink
Revert "Revert "FIO-7466: Fixed an issue where code inside tolltips w…
Browse files Browse the repository at this point in the history 
…ill be e…"

This reverts commit 5bf7649.
  • Loading branch information
@lane-formio
lane-formio committed Feb 1, 2024
1 parent 8c1eb98 commit 21a44f7
Show file tree
Hide file tree
Showing 4 changed files with 40 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/components/_classes/component/Component.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1208,7 +1208,7 @@ export default class Component extends Element {
placement: 'right',
zIndex: 10000,
interactive: true,
content: this.t(tooltipText, { _userInput: true }),
content: this.t(this.sanitize(tooltipText), { _userInput: true }),
});
}
});
Expand Down
14 changes: 14 additions & 0 deletions src/components/_classes/component/Component.unit.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import { comp1 } from './fixtures';
import _merge from 'lodash/merge';
import comp3 from './fixtures/comp3';
import comp4 from './fixtures/comp4';
import comp5 from './fixtures/comp5';

describe('Component', () => {
it('Should create a Component', (done) => {
Expand Down Expand Up @@ -356,4 +357,17 @@ describe('Component', () => {
.catch(done);
});
});

it('Should not execute code inside Tooltips/Description', (done) => {
const formElement = document.createElement('div');
const form = new Webform(formElement);

form.setForm(comp5).then(() => {
setTimeout(() => {
assert.equal(window._ee, undefined, 'Should not execute code inside Tooltips/Description');
done();
}, 200);
})
.catch(done);
});
});
24 changes: 24 additions & 0 deletions src/components/_classes/component/fixtures/comp5.js
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
export default {
type: 'form',
display: 'form',
components: [
{
label: 'Text Field',
description: "<img <img src='https://somesite' onerror='var _ee = 2' >",
tooltip: "<img src='https://somesite' onerror='var _ee = 1 >",
applyMaskOn: 'change',
tableView: true,
key: 'textField',
type: 'textfield',
input: true
},
{
type: 'button',
label: 'Submit',
key: 'submit',
disableOnInvalid: true,
input: true,
tableView: false
}
],
};
1 change: 1 addition & 0 deletions src/components/_classes/component/fixtures/index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,4 @@ export comp1 from './comp1';
export comp2 from './comp2';
export comp3 from './comp3';
export comp4 from './comp4';
export comp5 from './comp5';

0 comments on commit 21a44f7

Please sign in to comment.