From 7f58ce3726dfec71537d8b80474a0f95a48a1574 Mon Sep 17 00:00:00 2001
From: Pranav C
Date: Wed, 22 Nov 2023 07:17:58 +0000
Subject: [PATCH] fix: sanitise formula text before rendering
---
 packages/nc-gui/utils/urlUtils.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/packages/nc-gui/utils/urlUtils.ts b/packages/nc-gui/utils/urlUtils.ts
index 5fb19860d2..3e792c7a59 100644
--- a/packages/nc-gui/utils/urlUtils.ts
+++ b/packages/nc-gui/utils/urlUtils.ts
@@ -6,8 +6,15 @@ export const replaceUrlsWithLink = (text: string): boolean | string => { } const rawText = text.toString() + + // create a temporary element to sanitise the string + // by encoding any html code + const tempEl = document.createElement('div') + tempEl.textContent = rawText + const sanitisedText = tempEl.innerHTML + + let found = false - const out = rawText.replace(/URI::\((.*?)\)/g, (_, url) => { + const out = sanitisedText.replace(/URI::\((.*?)\)/g, (_, url) => { found = true const a = document.createElement('a') a.textContent = url
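Review bot: The capture `url` in the `replace` callback now comes from `sanitisedText`, so it is already entity-encoded when it reaches `a.textContent = url`; if the anchor is then serialised back to HTML (the rest of the callback is outside this hunk), `&`, `<` and `>` in a link are encoded twice and show up as literal `&amp;`/`&lt;` in the rendered text. The same value presumably also feeds the link target further down, where a doubly encoded query string would break the URL, and where encoding markup does nothing to constrain the scheme, so an `http:`/`https:` allow-list belongs there too. I would add a comment above the callback such as `// url comes from the HTML-encoded text: decode it before using it as text or href, and check the scheme` and a unit test covering `<`, `&` and a multi-parameter URL. The new comment could also state that the `textContent`/`innerHTML` round trip escapes `&`, `<` and `>` but not quotes, so the result is only safe as element content, never inside an attribute value.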