From b9e4a41d392d445362b391dbe1d7631dcd4240ac Mon Sep 17 00:00:00 2001
From: Jens Ulferts
Date: Tue, 9 May 2017 09:02:24 +0200
Subject: [PATCH] escape html tags from wp display attr value and set as title for formattable
---
 .../wp-display-attr/wp-display-attr.directive.ts | 4 +++-
 .../field-types/wp-display-formattable-field.module.ts | 6 ++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/frontend/app/components/work-packages/wp-display-attr/wp-display-attr.directive.ts b/frontend/app/components/work-packages/wp-display-attr/wp-display-attr.directive.ts
index 911111af62..3491992574 100644
--- a/frontend/app/components/work-packages/wp-display-attr/wp-display-attr.directive.ts
+++ b/frontend/app/components/work-packages/wp-display-attr/wp-display-attr.directive.ts
@@ -119,7 +119,9 @@ export class WorkPackageDisplayAttributeController {
 this.__d__renderer = this.__d__renderer || this.$element.find(".__d__renderer");
 this.field.render(this.__d__renderer[0], this.displayText);
- this.$element.attr("aria-label", this.label + " " + this.displayText);
+ // strip html tags
+ let ariaLabel = angular.element(this.displayText).text();
+ this.$element.attr('aria-label', this.label + ' ' + ariaLabel);
 this.__d__cell = this.__d__cell || this.$element.find(".__d__cell");
 this.__d__cell.toggleClass("-placeholder", this.isEmpty);
diff --git a/frontend/app/components/wp-display/field-types/wp-display-formattable-field.module.ts b/frontend/app/components/wp-display/field-types/wp-display-formattable-field.module.ts
index e997690e64..c001e65176 100644
--- a/frontend/app/components/wp-display/field-types/wp-display-formattable-field.module.ts
+++ b/frontend/app/components/wp-display/field-types/wp-display-formattable-field.module.ts
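Review bot: `angular.element(this.displayText).text()` in wp-display-attr.directive.ts does more than strip tags: it parses the value as markup in the live document, so if `displayText` can carry user-authored HTML that is not sanitised upstream (not visible in this hunk), elements such as images are instantiated and their inline handlers can run before `.text()` is read. A value that does not start with `<` is treated as a selector by jQuery or rejected by jqLite, so plain-text attributes would likely end up with an empty aria-label or an exception. Reading the text from an inert document avoids both problems: `const ariaLabel = new DOMParser().parseFromString(this.displayText || '', 'text/html').body.textContent || '';`. The same pattern appears in the second hunk as `angular.element(this.value).text()` in `FormattableDisplayField.render` and needs the same change. The enclosing method starts and ends outside the hunk.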
@@ -42,6 +42,12 @@ export class FormattableDisplayField extends DisplayField { } public render(element:HTMLElement, displayText:string):void { + // title stripped of html tags + if (this.value) { + let title = angular.element(this.value).text(); + element.setAttribute('title', title); + } + angular.element(element).addClass('-multiline'); let span = document.createElement('span');
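Review bot: The new `if (this.value)` branch in `render` sets `title` but never clears it, so an element that is rendered again with an empty value would keep the previous title. The caller in wp-display-attr.directive.ts caches its renderer element and passes it back in, which makes that reuse likely. Adding `else { element.removeAttribute('title'); }` keeps the attribute in step with the value. The title is also built from `this.value` while the method receives `displayText`, and the type of `this.value` is not visible here, so a one-line comment stating which of the two holds the HTML would help. `render` continues past the end of the hunk.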