From c1c33710b2d91895c356b001948312c625ea2587 Mon Sep 17 00:00:00 2001 From: Angelika Kinas Date: Wed, 29 Nov 2023 14:26:33 +0100 Subject: [PATCH 1/2] fix(DH): Prevent XSS --- .../metadata-info.component.html | 2 +- .../lib/thumbnail/thumbnail.component.html | 2 +- libs/util/shared/src/lib/pipes/SafePipe.ts | 36 ------------------- libs/util/shared/src/lib/pipes/index.ts | 1 - .../util/shared/src/lib/util-shared.module.ts | 5 ++- 5 files changed, 4 insertions(+), 42 deletions(-) delete mode 100644 libs/util/shared/src/lib/pipes/SafePipe.ts delete mode 100644 libs/util/shared/src/lib/pipes/index.ts
diff --git a/libs/ui/elements/src/lib/metadata-info/metadata-info.component.html b/libs/ui/elements/src/lib/metadata-info/metadata-info.component.html
index 7028c4304a..49f224d172 100644
--- a/libs/ui/elements/src/lib/metadata-info/metadata-info.component.html
+++ b/libs/ui/elements/src/lib/metadata-info/metadata-info.component.html
@@ -8,7 +8,7 @@

diff --git a/libs/ui/elements/src/lib/thumbnail/thumbnail.component.html b/libs/ui/elements/src/lib/thumbnail/thumbnail.component.html
index 200d78db49..42a706a54b 100644
--- a/libs/ui/elements/src/lib/thumbnail/thumbnail.component.html
+++ b/libs/ui/elements/src/lib/thumbnail/thumbnail.component.html
@@ -12,7 +12,7 @@
 alt="thumbnail"
 loading="lazy"
 (load)="setObjectFit()"
- [src]="imgUrl | safe: 'url'"
+ [src]="imgUrl"
 (error)="useFallback()"
 />
diff --git a/libs/util/shared/src/lib/pipes/SafePipe.ts b/libs/util/shared/src/lib/pipes/SafePipe.ts
deleted file mode 100644
index 82244ad345..0000000000
--- a/libs/util/shared/src/lib/pipes/SafePipe.ts
+++ /dev/null
@@ -1,36 +0,0 @@
-import { Pipe, PipeTransform } from '@angular/core'
-import {
- DomSanitizer,
- SafeHtml,
- SafeStyle,
- SafeScript,
- SafeUrl,
- SafeResourceUrl,
-} from '@angular/platform-browser'
-
-@Pipe({
- name: 'safe',
-})
-export class SafePipe implements PipeTransform {
- constructor(protected sanitizer: DomSanitizer) {}
-
- public transform(
- value: any,
- type: string
- ): SafeHtml | SafeStyle | SafeScript | SafeUrl | SafeResourceUrl {
- switch (type) {
- case 'html':
- return this.sanitizer.bypassSecurityTrustHtml(value)
- case 'style':
- return this.sanitizer.bypassSecurityTrustStyle(value)
- case 'script':
- return this.sanitizer.bypassSecurityTrustScript(value)
- case 'url':
- return this.sanitizer.bypassSecurityTrustUrl(value)
- case 'resourceUrl':
- return this.sanitizer.bypassSecurityTrustResourceUrl(value)
- default:
- throw new Error(`Invalid safe type specified: ${type}`)
- }
- }
-}
diff --git a/libs/util/shared/src/lib/pipes/index.ts b/libs/util/shared/src/lib/pipes/index.ts
deleted file mode 100644
index 31ad2fdba3..0000000000
--- a/libs/util/shared/src/lib/pipes/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export * from './SafePipe'
diff --git a/libs/util/shared/src/lib/util-shared.module.ts b/libs/util/shared/src/lib/util-shared.module.ts
index cd2e1233b2..5f64ef44fc 100644
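Review bot: After this change the `(error)="useFallback()"` handler on the line below `[src]` also fires when Angular's URL sanitizer rejects `imgUrl` (a disallowed scheme is rewritten to an `unsafe:`-prefixed value rather than thrown), so a blocked URL is indistinguishable from a broken link in the fallback path. That is the right fail-closed behaviour, but nothing in the template or the hunk records it, and the obvious "fix" for a thumbnail that suddenly shows the fallback is to reinstate the bypass; a comment on `useFallback()` in the component class, e.g. `// Also reached when Angular's URL sanitizer rejects imgUrl (rewritten to 'unsafe:...'); do not reintroduce bypassSecurityTrustUrl to work around this`, would stop that. The `<img>` element's opening tag sits outside the hunk.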
--- a/libs/util/shared/src/lib/util-shared.module.ts
+++ b/libs/util/shared/src/lib/util-shared.module.ts
@@ -1,11 +1,10 @@
 import { NgModule } from '@angular/core'
-import { SafePipe } from './pipes/SafePipe'
 import { CommonModule } from '@angular/common'
 import { ImageFallbackDirective } from './image-fallback.directive'
 @NgModule({
- declarations: [SafePipe, ImageFallbackDirective],
+ declarations: [ImageFallbackDirective],
 imports: [CommonModule],
- exports: [SafePipe, ImageFallbackDirective],
+ exports: [ImageFallbackDirective],
 })
 export class UtilSharedModule {}
From baf8723ae992a00aae60ea502b2bf98d6dc0e811 Mon Sep 17 00:00:00 2001 From: Angelika Kinas Date: Wed, 29 Nov 2023 15:27:46 +0100 Subject: [PATCH 2/2] fix(DH): Fix failing pipeline --- libs/util/shared/src/index.ts | 1 - 1 file changed, 1 deletion(-)
diff --git a/libs/util/shared/src/index.ts b/libs/util/shared/src/index.ts
index 005ad89acb..c23cead997 100644
--- a/libs/util/shared/src/index.ts
+++ b/libs/util/shared/src/index.ts
@@ -2,5 +2,4 @@ export * from './lib/util-shared.module'
 export * from './lib/services'
 export * from './lib/utils'
 export * from './lib/links'
-export * from './lib/pipes'
 export * from './lib/image-fallback.directive'
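Review bot: Patch 1/2 deletes `libs/util/shared/src/lib/pipes/` and drops `SafePipe` from `declarations` and `exports` here, but `libs/util/shared/src/index.ts` still re-exports `./lib/pipes` until patch 2/2 removes that line, so the first commit does not build on its own, which the second commit's subject "Fix failing pipeline" confirms. Squashing the two, or moving the one-line barrel change into this commit, keeps every commit in the series buildable for `git bisect` and keeps the XSS fix atomic.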