UIREQ-510 html-encode strings for react-to-print (#627)

* UIREQ-510 html-encode strings for react-to-print Values passed to `react-to-print` need to be escaped because of the way it generates its document under the hood. Without escaping, if we passed a value like `something<bad>very bad`, this would cause React to blow up when slips were generated with an error like ``` ERROR:Failed to execute 'createElement' on 'Document':The tag name provided ('bad') is not a valid name. ``` Refs UIREQ-510
folio-org · Aug 21, 2020 · 9f404db · 9f404db
1 parent 25155e1
commit 9f404db
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@
 
 * Add loading indicator when service point is switched. Fixes UIREQ-508.
 * Improve performance issues with preview for print pick slips. Fixes UIREQ-507.
+* Escape values passed to `react-to-print`. Fixes UIREQ-510.
 
 ## [3.0.4](https://github.com/folio-org/ui-requests/tree/v3.0.4) (2020-07-15)
 [Full Changelog](https://github.com/folio-org/ui-requests/compare/v3.0.3...v3.0.4)

diff --git a/src/utils.js b/src/utils.js
@@ -1,4 +1,5 @@
 import {
+  escape,
   get,
   isEmpty,
   isObject,
@@ -10,6 +11,7 @@ import {
 import queryString from 'query-string';
 import React from 'react';
 import { Link } from 'react-router-dom';
+
 import {
   Col,
   Headline,
@@ -166,7 +168,7 @@ export function buildTemplate(template = '') {
   return dataSource => {
     return template.replace(/{{([^{}]*)}}/g, (token, tokenName) => {
       const tokenValue = dataSource[tokenName];
-      return typeof tokenValue === 'string' || typeof tokenValue === 'number' ? tokenValue : '';
+      return typeof tokenValue === 'string' || typeof tokenValue === 'number' ? escape(tokenValue) : '';
     });
   };
 }