github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2025-02-17 05:22:38 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1516 from sharelatex/as-sanitize-team-notice

Browse source 
Show sanitized HTML for team notice on subscription page

GitOrigin-RevId: 20256eed298a709d663bdfd0057e0d8462722a0c
This commit is contained in:
Chrystal Maria Griffiths 2019-02-15 13:15:46 +00:00 committed by sharelatex
parent 778af6ca40
commit 9abea8ae5f
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
services/web/app/coffee/Features/Subscription/SubscriptionViewModelBuilder.coffee
View file

@ -7,6 +7,7 @@ SubscriptionLocator = require("./SubscriptionLocator")
V1SubscriptionManager = require("./V1SubscriptionManager")
InstitutionsGetter = require("../Institutions/InstitutionsGetter")
PublishersGetter = require("../Publishers/PublishersGetter")
sanitizeHtml = require 'sanitize-html'
logger = require('logger-sharelatex')
_ = require("underscore")
async = require('async')
@ -94,6 +95,9 @@ module.exports =
trial_ends_at: recurlySubscription.trial_ends_at
}
for memberGroupSubscription in memberGroupSubscriptions
memberGroupSubscription.teamNotice = sanitizeHtml(memberGroupSubscription.teamNotice)
callback null, {
personalSubscription,
managedGroupSubscriptions,

3
services/web/app/views/subscriptions/dashboard/_group_memberships.pug
View file

@ -8,7 +8,8 @@ div(ng-controller="GroupMembershipController")
+teamName(groupSubscription)
- if (groupSubscription.teamNotice && groupSubscription.teamNotice != '')
p
em= groupSubscription.teamNotice
//- Team notice is sanitized in SubscriptionViewModelBuilder
em !{groupSubscription.teamNotice}
span
button.btn.btn-danger.text-capitalise(ng-click="removeSelfFromGroup('"+groupSubscription.admin_id._id+"')") #{translate("leave_group")}
hr