escape html
GeorgeGoodall committed Oct 21, 2024
1 parent d64873a commit 9ffb0b9
Showing 3 changed files with 7 additions and 3 deletions.
4 changes: 3 additions & 1 deletion package-lock.json


1 change: 1 addition & 0 deletions package.json
@@ -73,6 +73,7 @@
"cookie-parser": "^1.4.6",
"csv-parser": "^3.0.0",
"dotenv": "^16.4.5",
"escape-html": "^1.0.3",
"express": "^4.19.2",
"express-session": "^1.18.0",
"govuk-frontend": "^5.6.0",
5 changes: 3 additions & 2 deletions src/middleware/issueDetails.middleware.js
@@ -23,6 +23,7 @@ import {
} from './common.middleware.js'
import { fetchIf, renderTemplate } from './middleware.builders.js'
import * as v from 'valibot'
import escape from 'escape-html'

export const IssueDetailsQueryParams = v.strictObject({
lpa: v.string(),
@@ -45,7 +46,7 @@ const validateIssueDetailsQueryParams = validateQueryParams({
*/
export const issueErrorMessageHtml = (errorMessage, issue) =>
`<p class="govuk-error-message">${errorMessage}</p>${
issue ? issue.value ?? '' : ''
escape(issue ? issue.value ?? '' : '')
}`

/**
@@ -113,7 +114,7 @@ export function prepareIssueDetailsTemplateParams (req, res, next) {
valueHtml += issueErrorMessageHtml(entity[datasetField].issue.message, null)
classes += 'dl-summary-card-list__row--error'
}
valueHtml += entity[datasetField]?.value || ''
valueHtml += escape(entity[datasetField]?.value || '')
return getIssueField(datasetField, valueHtml, classes)
})

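Review bot: `errorMessage` is still interpolated unescaped into the `<p class="govuk-error-message">` markup in `issueErrorMessageHtml`, so the new escaping covers only `issue.value`. The call in `prepareIssueDetailsTemplateParams` passes `entity[datasetField].issue.message`, which sits on the same entity object as the value that is now escaped. Unless that message is guaranteed to be a fixed, server-authored string (not visible here), escape it as well: ``<p class="govuk-error-message">${escape(errorMessage)}</p>``. The import name `escape` also shadows the legacy global `escape()`, which percent-encodes rather than HTML-escapes, so a dropped import would silently change the output instead of failing; `import escapeHtml from 'escape-html'` avoids that. `prepareIssueDetailsTemplateParams` starts and ends outside the hunk, so how `valueHtml` is rendered by the template cannot be confirmed from here.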
