@hmcts/ccd-case-ui-toolkit 7.2.52 → 7.2.53-2673

@@ -52,10 +52,18 @@ export class FormValidatorsService {
52
52
  return validator;
53
53
  }
54
54
  static markDownPatternValidator() {
55
- const pattern = /(\[[^\]]{0,500}\]\([^)]{0,500}\)|!\[[^\]]{0,500}\]\([^)]{0,500}\)|<img[^>]{0,500}>|<a[^>]{0,500}>.*?<\/a>)/;
55
+ const aTagPattern = /<a\b[^>]*(>|$)/i;
56
+ const pattern = /(\[[^\]]{0,500}\]\([^)]{0,500}\)|!\[[^\]]{0,500}\]\([^)]{0,500}\)|<img\b[^>]{0,500}(?:>|$))/i;
57
+ const hasDangerousAttrs = /\bon\w+\s*=/i;
56
58
  return (control) => {
57
59
  const value = control?.value?.toString().trim();
58
- return (value && pattern.test(value)) ? { markDownPattern: {} } : null;
60
+ if (value &&
61
+ (pattern.test(value) ||
62
+ aTagPattern.test(value) ||
63
+ hasDangerousAttrs.test(value))) {
64
+ return { markDownPattern: {} };
65
+ }
66
+ return null;
59
67
  };
60
68
  }
61
69
  // TODO: Strip this out as it's only here for the moment because
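Review bot: The `<img` alternative in `pattern` keeps the `{0,500}` bound, so an `<img` tag with more than 500 characters before its `>` is not matched by that branch, whereas `aTagPattern` flags every `<a`. Because `[^>]*(>|$)` always succeeds once `<a\b` has matched, both checks can be written as plain prefixes: `/<a\b/i`, and `<img\b` in place of `<img\b[^>]{0,500}(?:>|$)`. `hasDangerousAttrs` is tested against the whole value rather than inside a tag, so ordinary text such as `one = 1` would also return `markDownPattern`; if that is not intended, anchor it to a tag, e.g. `/<[^>]*\bon\w+\s*=/i`. As this is a deny-list on form input, a comment above the validator would help: `// Input-side check only: rejects markdown links/images, <a>/<img> and on*= attributes; rendering must still sanitise.` The same points apply to the bundled copy in the hunk at `@@ -5079,10 +5079,18 @@`.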
@@ -79,4 +87,4 @@ export class FormValidatorsService {
79
87
  (() => { (typeof ngDevMode === "undefined" || ngDevMode) && i0.ɵsetClassMetadata(FormValidatorsService, [{
80
88
  type: Injectable
81
89
  }], null, null); })();
82
- //# sourceMappingURL=data:application/json;base64,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
90
+ //# sourceMappingURL=data:application/json;base64,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
@@ -5079,10 +5079,18 @@ class FormValidatorsService {
5079
5079
  return validator;
5080
5080
  }
5081
5081
  static markDownPatternValidator() {
5082
- const pattern = /(\[[^\]]{0,500}\]\([^)]{0,500}\)|!\[[^\]]{0,500}\]\([^)]{0,500}\)|<img[^>]{0,500}>|<a[^>]{0,500}>.*?<\/a>)/;
5082
+ const aTagPattern = /<a\b[^>]*(>|$)/i;
5083
+ const pattern = /(\[[^\]]{0,500}\]\([^)]{0,500}\)|!\[[^\]]{0,500}\]\([^)]{0,500}\)|<img\b[^>]{0,500}(?:>|$))/i;
5084
+ const hasDangerousAttrs = /\bon\w+\s*=/i;
5083
5085
  return (control) => {
5084
5086
  const value = control?.value?.toString().trim();
5085
- return (value && pattern.test(value)) ? { markDownPattern: {} } : null;
5087
+ if (value &&
5088
+ (pattern.test(value) ||
5089
+ aTagPattern.test(value) ||
5090
+ hasDangerousAttrs.test(value))) {
5091
+ return { markDownPattern: {} };
5092
+ }
5093
+ return null;
5086
5094
  };
5087
5095
  }
5088
5096
  // TODO: Strip this out as it's only here for the moment because