fix: mark SVG path as sanitized

opf · Jul 20, 2023 · 1004d47 · 1004d47
1 parent b47be85
commit 1004d47
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/.changeset/pretty-bottles-trade.md b/.changeset/pretty-bottles-trade.md
@@ -0,0 +1,5 @@
+---
+'@openproject/octicons': patch
+---
+
+fix: mark SVG Path as sanitized
diff --git a/lib/octicons_angular/script/build.js b/lib/octicons_angular/script/build.js
@@ -47,7 +47,7 @@ const icons = Object.entries(octicons)
   template: \`
     <title *ngIf="title">{{title}}</title>
 
-    <path [outerHTML]="path"></path>
+    <path [outerHTML]="sanitizer.bypassSecurityTrustHtml(path)"></path>
   \`,
 })
 export class Op${name} extends OpOcticonComponentBase {

diff --git a/lib/octicons_angular/src/octicon-component-base.ts b/lib/octicons_angular/src/octicon-component-base.ts
@@ -3,6 +3,7 @@ import {
   Input,
   HostBinding
 } from '@angular/core';
+import { DomSanitizer } from '@angular/platform-browser';
 import { closestNaturalHeight } from './helpers';
 
 @Directive({})
@@ -71,4 +72,6 @@ export class OpOcticonComponentBase {
        path: string,
      };
    } = {};
+
+   constructor(protected sanitizer:DomSanitizer) {}
 }