@hmcts/ccd-case-ui-toolkit 7.2.52 → 7.2.53-2673-rc2

@@ -52,10 +52,20 @@ export class FormValidatorsService {
52
52
  return validator;
53
53
  }
54
54
  static markDownPatternValidator() {
55
- const pattern = /(\[[^\]]{0,500}\]\([^)]{0,500}\)|!\[[^\]]{0,500}\]\([^)]{0,500}\)|<img[^>]{0,500}>|<a[^>]{0,500}>.*?<\/a>)/;
55
+ const aTagPattern = /<a\b[^>]*(>|$)/i;
56
+ const pattern = /(\[[^\]]{0,500}\]\([^)]{0,500}\)|!\[[^\]]{0,500}\]\([^)]{0,500}\)|<img\b[^>]{0,500}(?:>|$))/i;
57
+ const hasDangerousAttrs = /\bon\w+\s*=/i;
58
+ const scriptTagPattern = /<script\b[^>]*(>|$)/i;
56
59
  return (control) => {
57
60
  const value = control?.value?.toString().trim();
58
- return (value && pattern.test(value)) ? { markDownPattern: {} } : null;
61
+ if (value &&
62
+ (pattern.test(value) ||
63
+ aTagPattern.test(value) ||
64
+ scriptTagPattern.test(value) ||
65
+ hasDangerousAttrs.test(value))) {
66
+ return { markDownPattern: {} };
67
+ }
68
+ return null;
59
69
  };
60
70
  }
61
71
  // TODO: Strip this out as it's only here for the moment because
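Review bot: `hasDangerousAttrs` (`/\bon\w+\s*=/i`) is tested against the whole field value rather than inside a tag, so ordinary text such as `online = yes` now fails with the same `markDownPattern` error as real markup. If only HTML attributes are meant, anchor it to an open tag, e.g. `const hasDangerousAttrs = /<[^>]*\bon\w+\s*=/i;`, which still matches an unclosed tag. The checks remain a denylist of `<a>`, `<img>`, `<script>` and `on*=` handlers, so other HTML elements pass; this validator is best treated as an input hint, with sanitisation at render time and server-side validation as the actual control, neither of which is visible from this hunk. `aTagPattern` and `scriptTagPattern` use an unbounded `[^>]*` while the other alternatives keep `{0,500}`, and a one-line comment per regex such as `// rejects any opening <a> tag, closed or not` would record why each exists. The same change is repeated in the bundled copy in the hunk at `@@ -5079,10 +5079,20 @@`, and the enclosing class begins and ends outside this hunk.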
@@ -79,4 +89,4 @@ export class FormValidatorsService {
79
89
  (() => { (typeof ngDevMode === "undefined" || ngDevMode) && i0.ɵsetClassMetadata(FormValidatorsService, [{
80
90
  type: Injectable
81
91
  }], null, null); })();
82
- //# sourceMappingURL=data:application/json;base64,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
92
+ //# sourceMappingURL=data:application/json;base64,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
@@ -5079,10 +5079,20 @@ class FormValidatorsService {
5079
5079
  return validator;
5080
5080
  }
5081
5081
  static markDownPatternValidator() {
5082
- const pattern = /(\[[^\]]{0,500}\]\([^)]{0,500}\)|!\[[^\]]{0,500}\]\([^)]{0,500}\)|<img[^>]{0,500}>|<a[^>]{0,500}>.*?<\/a>)/;
5082
+ const aTagPattern = /<a\b[^>]*(>|$)/i;
5083
+ const pattern = /(\[[^\]]{0,500}\]\([^)]{0,500}\)|!\[[^\]]{0,500}\]\([^)]{0,500}\)|<img\b[^>]{0,500}(?:>|$))/i;
5084
+ const hasDangerousAttrs = /\bon\w+\s*=/i;
5085
+ const scriptTagPattern = /<script\b[^>]*(>|$)/i;
5083
5086
  return (control) => {
5084
5087
  const value = control?.value?.toString().trim();
5085
- return (value && pattern.test(value)) ? { markDownPattern: {} } : null;
5088
+ if (value &&
5089
+ (pattern.test(value) ||
5090
+ aTagPattern.test(value) ||
5091
+ scriptTagPattern.test(value) ||
5092
+ hasDangerousAttrs.test(value))) {
5093
+ return { markDownPattern: {} };
5094
+ }
5095
+ return null;
5086
5096
  };
5087
5097
  }
5088
5098
  // TODO: Strip this out as it's only here for the moment because