
Commit f894aaf

authored
ENGCOM-7981: #1684: Login failed error contains HTML tags #29398
2 parents 32b50a3 + c1d2c42 commit f894aaf


3 files changed

+94
-4
lines changed


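--- a/app/code/Magento/MediaGalleryUi/view/adminhtml/web/js/grid/messages.js
+++ b/app/code/Magento/MediaGalleryUi/view/adminhtml/web/js/grid/messages.js
@@ -4,15 +4,17 @@
 */
 
 define([
-'uiElement'
-], function (Element) {
+'uiElement',
+'escaper'
+], function (Element, escaper) {
 'use strict';
 
 return Element.extend({
 defaults: {
 template: 'Magento_MediaGalleryUi/grid/messages',
 messageDelay: 5,
-messages: []
+messages: [],
+allowedTags: ['div', 'span', 'b', 'strong', 'i', 'em', 'u', 'a']
 },
 
 /**
@@ -72,6 +74,16 @@ define([
 clearTimeout(timerId);
 this.clear();
 }.bind(this), Number(delay) * 1000);
+},
+
+/**
+* Prepare the given message to be rendered as HTML
+*
+* @param {String} message
+* @return {String}
+*/
+prepareMessageUnsanitizedHtml: function (message) {
+return escaper.escapeHtml(message, this.allowedTags);
 }
 });
 });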
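Review bot: `allowedTags` in `defaults` admits `a`, `div` and `span`, and once the template binds the result as HTML, the only barrier between a message string and the admin DOM is `escaper.escapeHtml`, whose handling of attributes (`href` schemes, `style`, event handlers) is not visible in this diff. Confirm that behaviour in the escaper and narrow the list to what the login-failure message actually needs; if only emphasis and a link are required, `allowedTags: ['b', 'strong', 'i', 'em', 'u', 'a']` is enough. Because the list sits in `defaults`, it can presumably be widened through component configuration, so the docblock on `prepareMessageUnsanitizedHtml` should name it as the allowlist, e.g. `* Only tags listed in this.allowedTags are kept; treat that list as the allowlist for the whole grid message area.`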

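--- a/app/code/Magento/MediaGalleryUi/view/adminhtml/web/template/grid/messages.html
+++ b/app/code/Magento/MediaGalleryUi/view/adminhtml/web/template/grid/messages.html
@@ -8,7 +8,7 @@
 <div class="messages" outereach="messages">
 <div attr="class: 'message message-'+code">
 <div data-ui-id="messages-message-error">
-<span text="message"></span>
+<span html="$parent.prepareMessageUnsanitizedHtml(message)"></span>
 </div>
 </div>
 </div>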
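Review bot: Replacing `text="message"` with the `html` binding changes rendering for every entry in `messages`, not only the login-failure error this commit targets, so any message assembled from file, folder or keyword names would now have its allowed tags interpreted as markup. Whether such callers exist is not visible on this page. If they do, they should escape the interpolated value before calling `add()`, or the template should keep `text` for plain messages and use `html` only for messages explicitly flagged as markup.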
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,78 @@
1+
/**
2+
* Copyright © Magento, Inc. All rights reserved.
3+
* See COPYING.txt for license details.
4+
*/
5+
6+
define([
7+
'Magento_MediaGalleryUi/js/grid/messages',
8+
'escaper'
9+
], function (Messages, Escaper) {
10+
'use strict';
11+
12+
describe('Magento_MediaGalleryUi/js/grid/messages', function () {
13+
var messagesInstance,
14+
escaperInstance,
15+
messageText,
16+
errorType,
17+
successType;
18+
19+
beforeEach(function () {
20+
escaperInstance = Escaper;
21+
messagesInstance = Messages({
22+
escaper: escaperInstance
23+
});
24+
messageText = 'test message';
25+
errorType = 'error';
26+
successType = 'success';
27+
});
28+
29+
it('add error message, get error message', function () {
30+
messagesInstance.add(errorType, messageText);
31+
expect(JSON.stringify(messagesInstance.get())).toEqual(JSON.stringify([{
32+
code: errorType,
33+
message: messageText
34+
}]));
35+
});
36+
37+
it('add success message, get success message', function () {
38+
messagesInstance.add(successType, messageText);
39+
expect(JSON.stringify(messagesInstance.get())).toEqual(JSON.stringify([{
40+
code: successType,
41+
message: messageText
42+
}]));
43+
});
44+
45+
it('handles multiple messages', function () {
46+
messagesInstance.add(successType, messageText);
47+
messagesInstance.add(errorType, messageText);
48+
expect(JSON.stringify(messagesInstance.get())).toEqual(JSON.stringify([
49+
{
50+
code: successType,
51+
message: messageText
52+
},
53+
{
54+
code: errorType,
55+
message: messageText
56+
}
57+
]));
58+
});
59+
60+
it('cleans messages', function () {
61+
messagesInstance.add(errorType, messageText);
62+
messagesInstance.clear();
63+
64+
expect(JSON.stringify(messagesInstance.get())).toEqual(JSON.stringify([]));
65+
});
66+
67+
it('prepare message to be rendered as HTML', function () {
68+
var escapedMessage = 'escaped message';
69+
70+
// eslint-disable-next-line max-nested-callbacks
71+
spyOn(escaperInstance, 'escapeHtml').and.callFake(function () {
72+
return escapedMessage;
73+
});
74+
75+
expect(messagesInstance.prepareMessageUnsanitizedHtml(messageText)).toEqual(escapedMessage);
76+
});
77+
});
78+
});
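Review bot: The last spec replaces `escapeHtml` with a fake, so it only proves that `prepareMessageUnsanitizedHtml` returns whatever the escaper returns; it would still pass if `this.allowedTags` were dropped from the call. Add `expect(escaperInstance.escapeHtml).toHaveBeenCalledWith(messageText, messagesInstance.allowedTags);` and a second case without the spy that feeds a message containing a tag outside the list and asserts that tag is absent from the result. The `escaper: escaperInstance` option passed in `beforeEach` does not appear to be read by the component, which takes `escaper` from its `define` dependencies in the messages.js hunk; the spy presumably works only because both refer to the same module object.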
