paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2026-01-12 21:44:21 -06:00
Code Issues Packages Projects Releases Wiki Activity

Security: remove safe html pipe

Browse Source
This commit is contained in:
shamoon
2025-12-18 06:31:25 -08:00
parent 84c59f45da
commit bf38ae98f1
33 changed files with 44 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src-ui/src/app/components/manage/mail/mail.component.spec.ts
View File

@@ -23,7 +23,6 @@ import { IfOwnerDirective } from 'src/app/directives/if-owner.directive'
import { IfPermissionsDirective } from 'src/app/directives/if-permissions.directive'
import { PermissionsGuard } from 'src/app/guards/permissions.guard'
import { CustomDatePipe } from 'src/app/pipes/custom-date.pipe'
import { SafeHtmlPipe } from 'src/app/pipes/safehtml.pipe'
import { PermissionsService } from 'src/app/services/permissions.service'
import { MailAccountService } from 'src/app/services/rest/mail-account.service'
import { MailRuleService } from 'src/app/services/rest/mail-rule.service'
@@ -84,7 +83,6 @@ describe('MailComponent', () => {
CustomDatePipe,
ConfirmDialogComponent,
CheckComponent,
SafeHtmlPipe,
SelectComponent,
TextComponent,
PasswordComponent,

10
src-ui/src/app/components/manage/management-list/management-list.component.html
View File

@@ -94,8 +94,14 @@
<td scope="row">{{ getDocumentCount(object) }}</td>
@for (column of extraColumns; track column) {
<td scope="row" [ngClass]="{ 'd-none d-sm-table-cell' : column.hideOnMobile }">
@if (column.rendersHtml) {
<div [innerHtml]="column.valueFn.call(null, object) | safeHtml"></div>
@if (column.badgeFn) {
<span
class="badge"
[style.color]="column.badgeFn.call(null, object)?.textColor"
[style.backgroundColor]="column.badgeFn.call(null, object)?.backgroundColor"
>
{{ column.badgeFn.call(null, object)?.text }}
</span>
} @else if (column.monospace) {
<span class="font-monospace">{{ column.valueFn.call(null, object) }}</span>
} @else {

2
src-ui/src/app/components/manage/management-list/management-list.component.spec.ts
View File

@@ -33,7 +33,6 @@ import { Tag } from 'src/app/data/tag'
import { IfPermissionsDirective } from 'src/app/directives/if-permissions.directive'
import { SortableDirective } from 'src/app/directives/sortable.directive'
import { PermissionsGuard } from 'src/app/guards/permissions.guard'
import { SafeHtmlPipe } from 'src/app/pipes/safehtml.pipe'
import { DocumentListViewService } from 'src/app/services/document-list-view.service'
import {
PermissionAction,
@@ -93,7 +92,6 @@ describe('ManagementListComponent', () => {
SortableDirective,
PageHeaderComponent,
IfPermissionsDirective,
SafeHtmlPipe,
ConfirmDialogComponent,
PermissionsDialogComponent,
],

8
src-ui/src/app/components/manage/management-list/management-list.component.ts
View File

@@ -48,9 +48,13 @@ export interface ManagementListColumn {
name: string
valueFn: any
valueFn?: any
rendersHtml?: boolean
badgeFn?: (object: any) => {
text: string
textColor?: string
backgroundColor?: string
}
hideOnMobile?: boolean

2
src-ui/src/app/components/manage/storage-path-list/storage-path-list.component.spec.ts
View File

@@ -9,7 +9,6 @@ import { of } from 'rxjs'
import { StoragePath } from 'src/app/data/storage-path'
import { IfPermissionsDirective } from 'src/app/directives/if-permissions.directive'
import { SortableDirective } from 'src/app/directives/sortable.directive'
import { SafeHtmlPipe } from 'src/app/pipes/safehtml.pipe'
import { StoragePathService } from 'src/app/services/rest/storage-path.service'
import { PageHeaderComponent } from '../../common/page-header/page-header.component'
import { StoragePathListComponent } from './storage-path-list.component'
@@ -30,7 +29,6 @@ describe('StoragePathListComponent', () => {
SortableDirective,
PageHeaderComponent,
IfPermissionsDirective,
SafeHtmlPipe,
],
providers: [
DatePipe,

2
src-ui/src/app/components/manage/storage-path-list/storage-path-list.component.ts
View File

@@ -10,7 +10,6 @@ import { FILTER_HAS_STORAGE_PATH_ANY } from 'src/app/data/filter-rule-type'
import { StoragePath } from 'src/app/data/storage-path'
import { IfPermissionsDirective } from 'src/app/directives/if-permissions.directive'
import { SortableDirective } from 'src/app/directives/sortable.directive'
import { SafeHtmlPipe } from 'src/app/pipes/safehtml.pipe'
import { PermissionType } from 'src/app/services/permissions.service'
import { StoragePathService } from 'src/app/services/rest/storage-path.service'
import { StoragePathEditDialogComponent } from '../../common/edit-dialog/storage-path-edit-dialog/storage-path-edit-dialog.component'
@@ -26,7 +25,6 @@ import { ManagementListComponent } from '../management-list/management-list.comp
PageHeaderComponent,
TitleCasePipe,
IfPermissionsDirective,
SafeHtmlPipe,
FormsModule,
ReactiveFormsModule,
NgClass,

2
src-ui/src/app/components/manage/tag-list/tag-list.component.spec.ts
View File

@@ -8,7 +8,6 @@ import { NgxBootstrapIconsModule, allIcons } from 'ngx-bootstrap-icons'
import { of } from 'rxjs'
import { IfPermissionsDirective } from 'src/app/directives/if-permissions.directive'
import { SortableDirective } from 'src/app/directives/sortable.directive'
import { SafeHtmlPipe } from 'src/app/pipes/safehtml.pipe'
import { TagService } from 'src/app/services/rest/tag.service'
import { PageHeaderComponent } from '../../common/page-header/page-header.component'
import { TagListComponent } from './tag-list.component'
@@ -30,7 +29,6 @@ describe('TagListComponent', () => {
SortableDirective,
PageHeaderComponent,
IfPermissionsDirective,
SafeHtmlPipe,
],
providers: [
DatePipe,

11
src-ui/src/app/components/manage/tag-list/tag-list.component.ts
View File

@@ -10,7 +10,6 @@ import { FILTER_HAS_TAGS_ALL } from 'src/app/data/filter-rule-type'
import { Tag } from 'src/app/data/tag'
import { IfPermissionsDirective } from 'src/app/directives/if-permissions.directive'
import { SortableDirective } from 'src/app/directives/sortable.directive'
import { SafeHtmlPipe } from 'src/app/pipes/safehtml.pipe'
import { PermissionType } from 'src/app/services/permissions.service'
import { TagService } from 'src/app/services/rest/tag.service'
import { TagEditDialogComponent } from '../../common/edit-dialog/tag-edit-dialog/tag-edit-dialog.component'
@@ -26,7 +25,6 @@ import { ManagementListComponent } from '../management-list/management-list.comp
PageHeaderComponent,
TitleCasePipe,
IfPermissionsDirective,
SafeHtmlPipe,
FormsModule,
ReactiveFormsModule,
NgClass,
@@ -49,10 +47,11 @@ export class TagListComponent extends ManagementListComponent<Tag> {
{
key: 'color',
name: $localize`Color`,
rendersHtml: true,
valueFn: (t: Tag) => {
return `<span class="badge" style="color: ${t.text_color}; background-color: ${t.color}">${t.color}</span>`
},
badgeFn: (t: Tag) => ({
text: t.color,
textColor: t.text_color,
backgroundColor: t.color,
}),
},
]
}