added sanitize for widget action name on delete

2025-08-13 11:19:16 +03:00 · 2025-08-13 11:19:16 +03:00 · 33df79cd12
commit 33df79cd12
parent 599ccdc43c
1 changed files with 6 additions and 2 deletions
--- a/ui-ngx/src/app/modules/home/components/widget/action/manage-widget-actions.component.ts
+++ b/ui-ngx/src/app/modules/home/components/widget/action/manage-widget-actions.component.ts
@ -24,6 +24,7 @@ import {
  NgZone,
  OnDestroy,
  OnInit,
+  SecurityContext,
  ViewChild
 } from '@angular/core';
 import { ControlValueAccessor, NG_VALUE_ACCESSOR } from '@angular/forms';
@ -53,6 +54,7 @@ import {
 import { deepClone } from '@core/utils';
 import { hidePageSizePixelValue } from '@shared/models/constants';
 import { CdkDragDrop, moveItemInArray } from '@angular/cdk/drag-drop';
+import { DomSanitizer } from '@angular/platform-browser';

@Component({
  selector: 'tb-manage-widget-actions',
@ -106,7 +108,8 @@ export class ManageWidgetActionsComponent extends PageComponent implements OnIni
              private dialogs: DialogService,
              private cd: ChangeDetectorRef,
              private elementRef: ElementRef,
-              private zone: NgZone) {
+              private zone: NgZone,
+              private sanitizer: DomSanitizer) {
    super();
    const sortOrder: SortOrder = { property: 'actionSourceName', direction: Direction.ASC };
    this.pageLink = new PageLink(10, 0, null, sortOrder);
@ -289,7 +292,8 @@ export class ManageWidgetActionsComponent extends PageComponent implements OnIni
    }
    const title = this.translate.instant('widget-config.delete-action-title');
    const content = this.translate.instant('widget-config.delete-action-text', {actionName: action.name});
-    this.dialogs.confirm(title, content,
+    const safeContent = this.sanitizer.sanitize(SecurityContext.HTML, content);
+    this.dialogs.confirm(title, safeContent,
      this.translate.instant('action.no'),
      this.translate.instant('action.yes'), true).subscribe(
      (res) => {