IBX-5054: HTML code gets removed from the Custom tag's string attribute

[vidarl]

Question	Answer
JIRA issue	IBX-5054
Bug/Improvement	yes
New feature	no
Target version	4.3
BC breaks	no
Tests pass	yes/no
Doc needed	no

Missing escaping of input

TODO:

• Implement feature / fix a bug.
• Implement tests. ( Assume this is not needed for this one ?)
• Fix new code according to Coding Standards ($ composer fix-cs).
• Ask for Code Review.

[vidarl]

Failing SOLR test is not related to changes in this PR...

[lucasOsti]

What do you think about escaping without creating div?

const valueString = value ?? '';
const attributeValue = valueString
	.replace(/&/g, "&")
        .replace(/</g, "&lt;")
        .replace(/>/g, "&gt;")
        .replace(/"/g, "&quot;")
        .replace(/'/g, "&#39;");

[vidarl]

Escaping like I currently do seems to be quite common in JS. But if you prefer, I can change it as suggested. However, others have already approved it so not sure what others think of it.

I am not sure either if your suggestion covers all characters that needs to be escaped ?

[lucasOsti]

After talking with the frontend team, I approved for your solution :)

[micszo]

Retest of original issue OK.

Sanities on rich-text field OK.

QA Approved on Ibexa Experience 4.3.4.

[alongosz]

Rebased to see if we can get CI green.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication