Security: remove safe html pipe

2026-01-24 22:39:02 -06:00 · 2025-12-18 06:31:25 -08:00
parent 84c59f45da
commit bf38ae98f1
33 changed files with 44 additions and 107 deletions
--- a/src-ui/src/app/components/manage/management-list/management-list.component.html
+++ b/src-ui/src/app/components/manage/management-list/management-list.component.html
@@ -94,8 +94,14 @@
    <td scope="row">{{ getDocumentCount(object) }}</td>
    @for (column of extraColumns; track column) {
      <td scope="row" [ngClass]="{ 'd-none d-sm-table-cell' : column.hideOnMobile }">
-        @if (column.rendersHtml) {
-          <div [innerHtml]="column.valueFn.call(null, object) | safeHtml"></div>
+        @if (column.badgeFn) {
+          <span
+            class="badge"
+            [style.color]="column.badgeFn.call(null, object)?.textColor"
+            [style.backgroundColor]="column.badgeFn.call(null, object)?.backgroundColor"
+          >
+            {{ column.badgeFn.call(null, object)?.text }}
+          </span>
        } @else if (column.monospace) {
          <span class="font-monospace">{{ column.valueFn.call(null, object) }}</span>
        } @else {
--- a/src-ui/src/app/components/manage/management-list/management-list.component.spec.ts
+++ b/src-ui/src/app/components/manage/management-list/management-list.component.spec.ts
@@ -33,7 +33,6 @@ import { Tag } from 'src/app/data/tag'
 import { IfPermissionsDirective } from 'src/app/directives/if-permissions.directive'
 import { SortableDirective } from 'src/app/directives/sortable.directive'
 import { PermissionsGuard } from 'src/app/guards/permissions.guard'
-import { SafeHtmlPipe } from 'src/app/pipes/safehtml.pipe'
 import { DocumentListViewService } from 'src/app/services/document-list-view.service'
 import {
  PermissionAction,
@@ -93,7 +92,6 @@ describe('ManagementListComponent', () => {
        SortableDirective,
        PageHeaderComponent,
        IfPermissionsDirective,
-        SafeHtmlPipe,
        ConfirmDialogComponent,
        PermissionsDialogComponent,
      ],
--- a/src-ui/src/app/components/manage/management-list/management-list.component.ts
+++ b/src-ui/src/app/components/manage/management-list/management-list.component.ts
@@ -48,9 +48,13 @@ export interface ManagementListColumn {

  name: string

-  valueFn: any
+  valueFn?: any

-  rendersHtml?: boolean
+  badgeFn?: (object: any) => {
+    text: string
+    textColor?: string
+    backgroundColor?: string
+  }

  hideOnMobile?: boolean