PM-30799 added html clean up for the domain (#18393)

2026-01-28 07:13:29 +00:00 · 2026-01-26 08:05:46 -06:00
parent 46266dfd20
commit 94c40b53aa
1 changed files with 22 additions and 4 deletions
--- a/apps/web/src/app/core/event.service.ts
+++ b/apps/web/src/app/core/event.service.ts
@@ -522,16 +522,25 @@ export class EventService {
        break;
      // Org Domain claiming events
      case EventType.OrganizationDomain_Added:
-        msg = humanReadableMsg = this.i18nService.t("addedDomain", ev.domainName);
+        msg = humanReadableMsg = this.i18nService.t("addedDomain", this.escapeHtml(ev.domainName));
        break;
      case EventType.OrganizationDomain_Removed:
-        msg = humanReadableMsg = this.i18nService.t("removedDomain", ev.domainName);
+        msg = humanReadableMsg = this.i18nService.t(
+          "removedDomain",
+          this.escapeHtml(ev.domainName),
+        );
        break;
      case EventType.OrganizationDomain_Verified:
-        msg = humanReadableMsg = this.i18nService.t("domainClaimedEvent", ev.domainName);
+        msg = humanReadableMsg = this.i18nService.t(
+          "domainClaimedEvent",
+          this.escapeHtml(ev.domainName),
+        );
        break;
      case EventType.OrganizationDomain_NotVerified:
-        msg = humanReadableMsg = this.i18nService.t("domainNotClaimedEvent", ev.domainName);
+        msg = humanReadableMsg = this.i18nService.t(
+          "domainNotClaimedEvent",
+          this.escapeHtml(ev.domainName),
+        );
        break;
      // Secrets Manager
      case EventType.Secret_Retrieved:
@@ -893,6 +902,15 @@ export class EventService {
    return id?.substring(0, 8);
  }

+  private escapeHtml(unsafe: string): string {
+    if (!unsafe) {
+      return unsafe;
+    }
+    const div = document.createElement("div");
+    div.textContent = unsafe;
+    return div.innerHTML;
+  }
+
  private toDateTimeLocalString(date: Date) {
    return (
      date.getFullYear() +