fix: prevent xss in form block reading sent data from BE response

src/components/FormView.jsx

@@ -65,15 +65,10 @@ const FormView = ({
   /* Function that replaces variables from the user customized message  */
   const replaceMessage = (text) => {
     let i = 0;
-    while (i < data.subblocks.length) {
-      let idField = getFieldName(
-        data.subblocks[i].label,
-        data.subblocks[i].field_id,
-      );
-      text = text.replaceAll(
-        '${' + idField + '}',
-        formData[idField]?.value || '',
-      );
+    const sent_data = formState.result.data;
+    while (i < sent_data.length) {
+      let idField = sent_data[i].label;
+      text = text.replaceAll('${' + idField + '}', sent_data[i].value ?? '');
       i++;
     }
     return text;
@@ -92,6 +87,7 @@ const FormView = ({
           {data.description && (
             <p className="description">{data.description}</p>
           )}
+
           {formState.result ? (
             <Message positive role="alert">
               {/* Custom message */}

src/components/View.jsx

@@ -283,7 +283,10 @@ const View = ({ data, id, path }) => {
     if (submitResults?.loaded) {
       setFormState({
         type: FORM_STATES.success,
-        result: intl.formatMessage(messages.formSubmitted),
+        result: {
+          message: intl.formatMessage(messages.formSubmitted),
+          ...submitResults.result,
+        },
       });
       captcha.reset();
       const formItem = document.getElementById(formid);

src/reducers/index.js

@@ -50,9 +50,7 @@ export const submitForm = (state = initialState, action = {}) => {
               ...state.subrequests,
               [action.subrequest]: {
                 ...(state.subrequests[action.subrequest] || {
-                  items: [],
-                  total: 0,
-                  batching: {},
+                  result: null,
                 }),
                 error: null,
                 loaded: false,
@@ -62,6 +60,7 @@ export const submitForm = (state = initialState, action = {}) => {
           }
         : {
             ...state,
+            result: null,
             error: null,
             loading: true,
             loaded: false,
@@ -74,6 +73,7 @@ export const submitForm = (state = initialState, action = {}) => {
               ...state.subrequests,
               [action.subrequest]: {
                 ...(state.subrequests[action.subrequest] || {}),
+                result: action.result,
                 error: null,
                 loaded: true,
                 loading: false,
@@ -82,6 +82,7 @@ export const submitForm = (state = initialState, action = {}) => {
           }
         : {
             ...state,
+            result: action.result,
             error: null,
             loaded: true,
             loading: false,
@@ -94,6 +95,7 @@ export const submitForm = (state = initialState, action = {}) => {
               ...state.subrequests,
               [action.subrequest]: {
                 ...(state.subrequests[action.subrequest] || {}),
+                result: null,
                 loading: false,
                 loaded: false,
               },
@@ -102,6 +104,7 @@ export const submitForm = (state = initialState, action = {}) => {
         : {
             ...state,
             error: action.error,
+            result: null,
             loading: false,
             loaded: false,
           };