From ad86f5824fb83f278f1f3c8514ded4356142295d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dafydd=20Ll=C5=B7r=20Pearson?= Date: Wed, 20 Sep 2023 09:39:53 +0100 Subject: [PATCH] fix: Incomplete multi-character sanitation --- editor.planx.uk/package.json | 1 + editor.planx.uk/pnpm-lock.yaml | 7 +++++++ editor.planx.uk/src/@planx/components/Send/bops/index.ts | 3 ++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/editor.planx.uk/package.json b/editor.planx.uk/package.json index ffec422e0c..8f82ea9b81 100644 --- a/editor.planx.uk/package.json +++ b/editor.planx.uk/package.json @@ -83,6 +83,7 @@ "rxjs": "^7.8.1", "scroll-into-view-if-needed": "^2.2.31", "sharedb": "^3.3.1", + "striptags": "^3.2.0", "swr": "^2.2.0", "tippy.js": "^6.3.7", "uuid": "^9.0.0", diff --git a/editor.planx.uk/pnpm-lock.yaml b/editor.planx.uk/pnpm-lock.yaml index 4625024832..1bbee1fe10 100644 --- a/editor.planx.uk/pnpm-lock.yaml +++ b/editor.planx.uk/pnpm-lock.yaml @@ -252,6 +252,9 @@ dependencies: sharedb: specifier: ^3.3.1 version: 3.3.1 + striptags: + specifier: ^3.2.0 + version: 3.2.0 swr: specifier: ^2.2.0 version: 2.2.0(react@18.2.0) @@ -18983,6 +18986,10 @@ packages: resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==} engines: {node: '>=8'} + /striptags@3.2.0: + resolution: {integrity: sha512-g45ZOGzHDMe2bdYMdIvdAfCQkCTDMGBazSw1ypMowwGIee7ZQ5dU0rBJ8Jqgl+jAKIv4dbeE1jscZq9wid1Tkw==} + dev: false + /strnum@1.0.5: resolution: {integrity: sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA==} dev: false diff --git a/editor.planx.uk/src/@planx/components/Send/bops/index.ts b/editor.planx.uk/src/@planx/components/Send/bops/index.ts index be3e17ce61..42b05ff992 100644 --- a/editor.planx.uk/src/@planx/components/Send/bops/index.ts +++ b/editor.planx.uk/src/@planx/components/Send/bops/index.ts @@ -28,6 +28,7 @@ import { ResponseMetaData, USER_ROLES, } from "../model"; +import striptags from "striptags"; export const bopsDictionary = { // applicant or agent details provided via TextInput(s) or ContactInput component @@ -231,7 +232,7 @@ export const makePayload = ( if (flow[id]?.data?.policyRef) { metadata.policy_refs = [ // remove html tags - { text: flow[id].data.policyRef.replace(/<[^>]*>/g, "").trim() }, + { text: striptags(flow[id].data.policyRef) }, ]; } metadata = addPortalName(id, flow, metadata);