[UXP-241] add html sanitize

Author: FrancescoMolinaro

src/app/shared/markdown-editor/markdown-editor.component.spec.ts

@@ -2,7 +2,7 @@ import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 import { NO_ERRORS_SCHEMA } from '@angular/core';
 import { RouterTestingModule } from '@angular/router/testing';
 
-import { By } from '@angular/platform-browser';
+import { By, DomSanitizer } from '@angular/platform-browser';
 
 import { MarkdownEditorComponent } from './markdown-editor.component';
 
@@ -16,7 +16,7 @@ describe('MarkdownEditorComponent', () => {
       imports: [
         RouterTestingModule.withRoutes([]),
       ],
-      providers: [],
+      providers: [DomSanitizer],
       schemas: [NO_ERRORS_SCHEMA]
     }).compileComponents();
   }));

src/app/shared/markdown-editor/markdown-editor.component.ts

@@ -1,6 +1,7 @@
 import 'quill-emoji/dist/quill-emoji.js';
-import { Component, EventEmitter, Input, Output } from '@angular/core';
+import { Component, EventEmitter, Input, Output, SecurityContext } from '@angular/core';
 import { ContentChange, QuillModules } from 'ngx-quill';
+import { DomSanitizer } from '@angular/platform-browser';
 
 @Component({
   selector: 'ds-markdown-editor',
@@ -40,11 +41,15 @@ export class MarkdownEditorComponent  {
     syntax: false
   };
 
+  constructor(private sanitizer: DomSanitizer) {}
+
+
   /**
    * Emit content update after editing
    * @param content
    */
   updateContent(content: ContentChange) {
-    this.editValueChange.emit(content.html);
-  }
+    const sanitizedContent = this.sanitizer.sanitize(SecurityContext.HTML, content.html);
+    this.editValueChange.emit(sanitizedContent);
+}
 }