Refactored code to pass down whether they are injected in the code through an innerHTML attribute or not to properly escape them

Author: alexandrevryghem

src/app/collection-page/collection-item-mapper/collection-item-mapper.component.ts

@@ -120,7 +120,7 @@ export class CollectionItemMapperComponent implements OnInit {
 
     this.collectionName$ = this.collectionRD$.pipe(
       map((rd: RemoteData<Collection>) => {
-        return this.dsoNameService.getName(rd.payload);
+        return this.dsoNameService.getName(rd.payload, true);
       })
     );
     this.searchOptions$ = this.searchConfigService.paginatedSearchOptions;

src/app/core/breadcrumbs/dso-name.service.spec.ts

@@ -54,7 +54,7 @@ describe(`DSONameService`, () => {
 
       const result = service.getName(mockPerson);
 
-      expect((service as any).factories.Person).toHaveBeenCalledWith(mockPerson);
+      expect((service as any).factories.Person).toHaveBeenCalledWith(mockPerson, undefined);
       expect(result).toBe('Bingo!');
     });
 
@@ -63,7 +63,7 @@ describe(`DSONameService`, () => {
 
       const result = service.getName(mockOrgUnit);
 
-      expect((service as any).factories.OrgUnit).toHaveBeenCalledWith(mockOrgUnit);
+      expect((service as any).factories.OrgUnit).toHaveBeenCalledWith(mockOrgUnit, undefined);
       expect(result).toBe('Bingo!');
     });
 
@@ -72,7 +72,7 @@ describe(`DSONameService`, () => {
 
       const result = service.getName(mockDSO);
 
-      expect((service as any).factories.Default).toHaveBeenCalledWith(mockDSO);
+      expect((service as any).factories.Default).toHaveBeenCalledWith(mockDSO, undefined);
       expect(result).toBe('Bingo!');
     });
   });
@@ -86,9 +86,9 @@ describe(`DSONameService`, () => {
       it(`should return 'person.familyName, person.givenName'`, () => {
         const result = (service as any).factories.Person(mockPerson);
         expect(result).toBe(mockPersonName);
-        expect(mockPerson.firstMetadataValue).toHaveBeenCalledWith('person.familyName');
-        expect(mockPerson.firstMetadataValue).toHaveBeenCalledWith('person.givenName');
-        expect(mockPerson.firstMetadataValue).not.toHaveBeenCalledWith('dc.title');
+        expect(mockPerson.firstMetadataValue).toHaveBeenCalledWith('person.familyName', undefined, undefined);
+        expect(mockPerson.firstMetadataValue).toHaveBeenCalledWith('person.givenName', undefined, undefined);
+        expect(mockPerson.firstMetadataValue).not.toHaveBeenCalledWith('dc.title', undefined, undefined);
       });
     });
 
@@ -100,9 +100,9 @@ describe(`DSONameService`, () => {
       it(`should return dc.title`, () => {
         const result = (service as any).factories.Person(mockPerson);
         expect(result).toBe(mockPersonName);
-        expect(mockPerson.firstMetadataValue).toHaveBeenCalledWith('person.familyName');
-        expect(mockPerson.firstMetadataValue).toHaveBeenCalledWith('person.givenName');
-        expect(mockPerson.firstMetadataValue).toHaveBeenCalledWith('dc.title');
+        expect(mockPerson.firstMetadataValue).toHaveBeenCalledWith('person.familyName', undefined, undefined);
+        expect(mockPerson.firstMetadataValue).toHaveBeenCalledWith('person.givenName', undefined, undefined);
+        expect(mockPerson.firstMetadataValue).toHaveBeenCalledWith('dc.title', undefined, undefined);
       });
     });
   });
@@ -115,7 +115,7 @@ describe(`DSONameService`, () => {
     it(`should return 'organization.legalName'`, () => {
       const result = (service as any).factories.OrgUnit(mockOrgUnit);
       expect(result).toBe(mockOrgUnitName);
-      expect(mockOrgUnit.firstMetadataValue).toHaveBeenCalledWith('organization.legalName');
+      expect(mockOrgUnit.firstMetadataValue).toHaveBeenCalledWith('organization.legalName', undefined, undefined);
     });
   });
 
@@ -127,7 +127,7 @@ describe(`DSONameService`, () => {
     it(`should return 'dc.title'`, () => {
       const result = (service as any).factories.Default(mockDSO);
       expect(result).toBe(mockDSOName);
-      expect(mockDSO.firstMetadataValue).toHaveBeenCalledWith('dc.title');
+      expect(mockDSO.firstMetadataValue).toHaveBeenCalledWith('dc.title', undefined, undefined);
     });
   });
 });

src/app/core/breadcrumbs/dso-name.service.ts

@@ -27,9 +27,9 @@ export class DSONameService {
    * With only two exceptions those solutions seem overkill for now.
    */
   private readonly factories = {
-    EPerson: (dso: DSpaceObject): string => {
-      const firstName = dso.firstMetadataValue('eperson.firstname');
-      const lastName = dso.firstMetadataValue('eperson.lastname');
+    EPerson: (dso: DSpaceObject, injectedAsHTML?: boolean): string => {
+      const firstName = dso.firstMetadataValue('eperson.firstname', undefined, injectedAsHTML);
+      const lastName = dso.firstMetadataValue('eperson.lastname', undefined, injectedAsHTML);
       if (isEmpty(firstName) && isEmpty(lastName)) {
         return this.translateService.instant('dso.name.unnamed');
       } else if (isEmpty(firstName) || isEmpty(lastName)) {
@@ -38,32 +38,33 @@ export class DSONameService {
         return `${firstName} ${lastName}`;
       }
     },
-    Person: (dso: DSpaceObject): string => {
-      const familyName = dso.firstMetadataValue('person.familyName');
-      const givenName = dso.firstMetadataValue('person.givenName');
+    Person: (dso: DSpaceObject, injectedAsHTML?: boolean): string => {
+      const familyName = dso.firstMetadataValue('person.familyName', undefined, injectedAsHTML);
+      const givenName = dso.firstMetadataValue('person.givenName', undefined, injectedAsHTML);
       if (isEmpty(familyName) && isEmpty(givenName)) {
-        return dso.firstMetadataValue('dc.title') || this.translateService.instant('dso.name.unnamed');
+        return dso.firstMetadataValue('dc.title', undefined, injectedAsHTML) || this.translateService.instant('dso.name.unnamed');
       } else if (isEmpty(familyName) || isEmpty(givenName)) {
         return familyName || givenName;
       } else {
         return `${familyName}, ${givenName}`;
       }
     },
-    OrgUnit: (dso: DSpaceObject): string => {
-      return dso.firstMetadataValue('organization.legalName');
+    OrgUnit: (dso: DSpaceObject, injectedAsHTML?: boolean): string => {
+      return dso.firstMetadataValue('organization.legalName', undefined, injectedAsHTML);
     },
-    Default: (dso: DSpaceObject): string => {
+    Default: (dso: DSpaceObject, injectedAsHTML?: boolean): string => {
       // If object doesn't have dc.title metadata use name property
-      return dso.firstMetadataValue('dc.title') || dso.name || this.translateService.instant('dso.name.untitled');
+      return dso.firstMetadataValue('dc.title', undefined, injectedAsHTML) || dso.name || this.translateService.instant('dso.name.untitled');
     }
   };
 
   /**
    * Get the name for the given {@link DSpaceObject}
    *
    * @param dso  The {@link DSpaceObject} you want a name for
+   * @param injectedAsHTML Whether the HTML is used inside a `[innerHTML]` attribute
    */
-  getName(dso: DSpaceObject | undefined): string {
+  getName(dso: DSpaceObject | undefined, injectedAsHTML?: boolean): string {
     if (dso) {
       const types = dso.getRenderTypes();
       const match = types
@@ -72,10 +73,10 @@ export class DSONameService {
 
       let name;
       if (hasValue(match)) {
-        name = this.factories[match](dso);
+        name = this.factories[match](dso, injectedAsHTML);
       }
       if (isEmpty(name)) {
-        name = this.factories.Default(dso);
+        name = this.factories.Default(dso, injectedAsHTML);
       }
       return name;
     } else {
@@ -88,27 +89,28 @@ export class DSONameService {
    *
    * @param object
    * @param dso
+   * @param injectedAsHTML Whether the HTML is used inside a `[innerHTML]` attribute
    *
    * @returns {string} html embedded hit highlight.
    */
-  getHitHighlights(object: any, dso: DSpaceObject): string {
+  getHitHighlights(object: any, dso: DSpaceObject, injectedAsHTML?: boolean): string {
     const types = dso.getRenderTypes();
     const entityType = types
       .filter((type) => typeof type === 'string')
       .find((type: string) => (['Person', 'OrgUnit']).includes(type)) as string;
     if (entityType === 'Person') {
-      const familyName = this.firstMetadataValue(object, dso, 'person.familyName');
-      const givenName = this.firstMetadataValue(object, dso, 'person.givenName');
+      const familyName = this.firstMetadataValue(object, dso, 'person.familyName', injectedAsHTML);
+      const givenName = this.firstMetadataValue(object, dso, 'person.givenName', injectedAsHTML);
       if (isEmpty(familyName) && isEmpty(givenName)) {
-        return this.firstMetadataValue(object, dso, 'dc.title') || dso.name;
+        return this.firstMetadataValue(object, dso, 'dc.title', injectedAsHTML) || dso.name;
       } else if (isEmpty(familyName) || isEmpty(givenName)) {
         return familyName || givenName;
       }
       return `${familyName}, ${givenName}`;
     } else if (entityType === 'OrgUnit') {
-      return this.firstMetadataValue(object, dso, 'organization.legalName');
+      return this.firstMetadataValue(object, dso, 'organization.legalName', injectedAsHTML);
     }
-    return this.firstMetadataValue(object, dso, 'dc.title') || dso.name || this.translateService.instant('dso.name.untitled');
+    return this.firstMetadataValue(object, dso, 'dc.title', injectedAsHTML) || dso.name || this.translateService.instant('dso.name.untitled');
   }
 
   /**
@@ -117,11 +119,12 @@ export class DSONameService {
    * @param object
    * @param dso
    * @param {string|string[]} keyOrKeys The metadata key(s) in scope. Wildcards are supported; see [[Metadata]].
+   * @param injectedAsHTML Whether the HTML is used inside a `[innerHTML]` attribute
    *
    * @returns {string} the first matching string value, or `undefined`.
    */
-  firstMetadataValue(object: any, dso: DSpaceObject, keyOrKeys: string | string[]): string {
-    return Metadata.firstValue([object.hitHighlights, dso.metadata], keyOrKeys);
+  firstMetadataValue(object: any, dso: DSpaceObject, keyOrKeys: string | string[], injectedAsHTML?: boolean): string {
+    return Metadata.firstValue(dso.metadata, keyOrKeys, object.hitHighlights, undefined, injectedAsHTML);
   }
 
 }

src/app/core/shared/dspace-object.model.ts

@@ -108,60 +108,64 @@ export class DSpaceObject extends ListableObject implements CacheableObject {
    * Gets all matching metadata in this DSpaceObject.
    *
    * @param {string|string[]} keyOrKeys The metadata key(s) in scope. Wildcards are supported; see [[Metadata]].
-   * @param {MetadataValueFilter} filter The value filter to use. If unspecified, no filtering will be done.
+   * @param {MetadataValueFilter} valueFilter The value filter to use. If unspecified, no filtering will be done.
+   * @param injectedAsHTML Whether the HTML is used inside a `[innerHTML]` attribute
    * @returns {MetadataValue[]} the matching values or an empty array.
    */
-  allMetadata(keyOrKeys: string | string[], valueFilter?: MetadataValueFilter): MetadataValue[] {
-    return Metadata.all(this.metadata, keyOrKeys, valueFilter);
+  allMetadata(keyOrKeys: string | string[], valueFilter?: MetadataValueFilter, injectedAsHTML?: boolean): MetadataValue[] {
+    return Metadata.all(this.metadata, keyOrKeys, undefined, valueFilter, injectedAsHTML);
   }
 
   /**
    * Like [[allMetadata]], but only returns string values.
    *
    * @param {string|string[]} keyOrKeys The metadata key(s) in scope. Wildcards are supported; see [[Metadata]].
-   * @param {MetadataValueFilter} filter The value filter to use. If unspecified, no filtering will be done.
+   * @param {MetadataValueFilter} valueFilter The value filter to use. If unspecified, no filtering will be done.
+   * @param injectedAsHTML Whether the HTML is used inside a `[innerHTML]` attribute
    * @returns {string[]} the matching string values or an empty array.
    */
-  allMetadataValues(keyOrKeys: string | string[], valueFilter?: MetadataValueFilter): string[] {
-    return Metadata.allValues(this.metadata, keyOrKeys, valueFilter);
+  allMetadataValues(keyOrKeys: string | string[], valueFilter?: MetadataValueFilter, injectedAsHTML?: boolean): string[] {
+    return Metadata.allValues(this.metadata, keyOrKeys, undefined, valueFilter, injectedAsHTML);
   }
 
   /**
    * Gets the first matching MetadataValue object in this DSpaceObject, or `undefined`.
    *
    * @param {string|string[]} keyOrKeys The metadata key(s) in scope. Wildcards are supported; see [[Metadata]].
-   * @param {MetadataValueFilter} filter The value filter to use. If unspecified, no filtering will be done.
+   * @param {MetadataValueFilter} valueFilter The value filter to use. If unspecified, no filtering will be done.
+   * @param injectedAsHTML Whether the HTML is used inside a `[innerHTML]` attribute
    * @returns {MetadataValue} the first matching value, or `undefined`.
    */
-  firstMetadata(keyOrKeys: string | string[], valueFilter?: MetadataValueFilter): MetadataValue {
-    return Metadata.first(this.metadata, keyOrKeys, valueFilter);
+  firstMetadata(keyOrKeys: string | string[], valueFilter?: MetadataValueFilter, injectedAsHTML?: boolean): MetadataValue {
+    return Metadata.first(this.metadata, keyOrKeys, undefined, valueFilter, injectedAsHTML);
   }
 
   /**
    * Like [[firstMetadata]], but only returns a string value, or `undefined`.
    *
    * @param {string|string[]} keyOrKeys The metadata key(s) in scope. Wildcards are supported; see [[Metadata]].
    * @param {MetadataValueFilter} valueFilter The value filter to use. If unspecified, no filtering will be done.
+   * @param injectedAsHTML Whether the HTML is used inside a `[innerHTML]` attribute
    * @returns {string} the first matching string value, or `undefined`.
    */
-  firstMetadataValue(keyOrKeys: string | string[], valueFilter?: MetadataValueFilter): string {
-    return Metadata.firstValue(this.metadata, keyOrKeys, valueFilter);
+  firstMetadataValue(keyOrKeys: string | string[], valueFilter?: MetadataValueFilter, injectedAsHTML?: boolean): string {
+    return Metadata.firstValue(this.metadata, keyOrKeys, undefined, valueFilter, injectedAsHTML);
   }
 
   /**
    * Checks for a matching metadata value in this DSpaceObject.
    *
    * @param {string|string[]} keyOrKeys The metadata key(s) in scope. Wildcards are supported; see [[Metadata]].
-   * @param {MetadataValueFilter} filter The value filter to use. If unspecified, no filtering will be done.
+   * @param {MetadataValueFilter} valueFilter The value filter to use. If unspecified, no filtering will be done.
    * @returns {boolean} whether a match is found.
    */
   hasMetadata(keyOrKeys: string | string[], valueFilter?: MetadataValueFilter): boolean {
-    return Metadata.has(this.metadata, keyOrKeys, valueFilter);
+    return Metadata.has(this.metadata, keyOrKeys, undefined, valueFilter);
   }
 
   /**
    * Find metadata on a specific field and order all of them using their "place" property.
-   * @param key
+   * @param keyOrKeys The metadata key(s) in scope. Wildcards are supported; see [[Metadata]].
    */
   findMetadataSortedByPlace(keyOrKeys: string | string[]): MetadataValue[] {
     return this.allMetadata(keyOrKeys).sort((a: MetadataValue, b: MetadataValue) => {