import { Injectable, SecurityContext } from '@angular/core';
import { DomSanitizer, SafeHtml } from '@angular/platform-browser';
import { Router } from '@angular/router';
import DOMPurify from 'dompurify';
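/**
 * Turns a user-supplied string into entity-encoded text for the HTML context.
 *
 * The input is first rewritten so that every character in
 * {@link DomSanitizerService.SPECIAL_CHARACTERS} becomes a numeric character
 * reference, and the result is then handed to Angular's `DomSanitizer` with
 * `SecurityContext.HTML`.
 *
 * Things a caller needs to know:
 * - Because `<`, `>` and `&` are encoded before the sanitizer runs, the
 *   sanitizer is given no markup to strip; any HTML in the input is kept as
 *   visible text rather than removed.
 * - The result is meant for insertion as HTML (for example `[innerHTML]`).
 *   Rendering it through `{{ }}` interpolation, which already escapes, would
 *   show the entity references literally.
 * - HTML entity encoding is specific to the HTML context. It is not an
 *   encoding for URLs, script or style content, or values sent to a backend,
 *   and it does not replace validation on the server.
 */
@Injectable({
  providedIn: 'root'
})
export class DomSanitizerService {

  /**
   * Characters that encodeSpecialCharacters replaces.
   *
   * The hyphen is escaped on purpose: an unescaped `)-_` inside a character
   * class is a range from `)` to `_`, which also covers digits and upper-case
   * letters.
   */
  private static readonly SPECIAL_CHARACTERS = /[!@#$%^&*()\-_+={}|\\:;"'<>,.?\/ãçÂâÃ]/g;

  constructor(private sanitizer: DomSanitizer) {
  }

  /**
   * Entity-encodes `input` and runs the result through Angular's HTML sanitizer.
   *
   * @param input Untrusted text, typically a form or message field.
   * @returns The encoded text; typed `string | null` because that is what
   *          `DomSanitizer.sanitize` declares.
   */
  sanitizeInput(input: string): string | null {
    // Encode special characters so the value is treated as text, not markup.
    const encodedInput = this.encodeSpecialCharacters(input);

    // Second pass through Angular's own HTML-context sanitizer.
    return this.sanitizer.sanitize(SecurityContext.HTML, encodedInput);
  }

  /**
   * Replaces each listed special character with its numeric character
   * reference (`<` becomes `&#60;`, `&` becomes `&#38;`, and so on).
   *
   * The listing this was taken from shows a lookup table whose values equal
   * their keys, and two entries (backslash and apostrophe) that do not parse;
   * the entity references were presumably decoded when the page was rendered.
   * Deriving the reference from the character code encodes the same set of
   * characters without depending on the table's values.
   *
   * `&` is part of the set, so input that is already entity-encoded is
   * encoded a second time.
   *
   * @param input Text to encode.
   * @returns `input` with every listed character replaced by `&#<code>;`.
   */
  private encodeSpecialCharacters(input: string): string {
    // Every character in the set is a single UTF-16 code unit, so
    // charCodeAt(0) is its full code point.
    return input.replace(
      DomSanitizerService.SPECIAL_CHARACTERS,
      match => `&#${match.charCodeAt(0)};`
    );
  }

  // Alternatives left disabled by the original author, kept for reference.
  //
  // private encodeSpecialCharacters(input: string): string {
  //   // DOMPurify removes dangerous elements and attributes from markup;
  //   // it does not entity-encode text.
  //   // return DOMPurify.sanitize(input);
  //
  //   // Minimal manual encoding of the angle brackets only (entity names
  //   // reconstructed; the listing shows them decoded):
  //   // return input.replace(/</g, '&lt;').replace(/>/g, '&gt;');
  // }
  //
  // sanitizeInput(input: string): string {
  //   return this.sanitizer.sanitize(SecurityContext.HTML, input);
  // }
}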