XSS changes for ratings

abhisheksingla02 · abhisheksingla02 · commit 9ead0894e392 · 2024-01-22T11:46:47.000Z
diff --git a/plugins/star-rating/frontend/public/javascripts/countly.views.js b/plugins/star-rating/frontend/public/javascripts/countly.views.js
@@ -15,12 +15,12 @@
     }
 
     var Drawer = countlyVue.views.create({
+        mixins: [countlyVue.mixins.commonFormatters],
         template: CV.T("/star-rating/templates/drawer.html"),
         props: {
             settings: Object,
             controls: Object
         },
-        mixins: [],
         data: function() {
             return {
                 imageSource: '',
@@ -285,7 +285,8 @@
     var WidgetsTable = countlyVue.views.create({
         template: CV.T("/star-rating/templates/widgets-table.html"),
         mixins: [
-            countlyVue.mixins.auth(FEATURE_NAME)
+            countlyVue.mixins.auth(FEATURE_NAME),
+            countlyVue.mixins.commonFormatters
         ],
         props: {
             rows: {
@@ -1085,7 +1086,7 @@
                 starRatingPlugin.requestSingleWidget(this.$route.params.id, function(widget) {
                     self.widget = widget;
                     self.widget.popup_header_text = replaceEscapes(self.widget.popup_header_text);
-                    self.widget.created_at = countlyCommon.formatTimeAgo(self.widget.created_at);
+                    self.widget.created_at = countlyCommon.formatTimeAgoText(self.widget.created_at).text;
                     if (self.cohortsEnabled) {
                         self.widget = self.parseTargeting(widget);
                     }
diff --git a/plugins/star-rating/frontend/public/templates/drawer.html b/plugins/star-rating/frontend/public/templates/drawer.html
@@ -22,7 +22,7 @@
 						</div>
 						<div class="ratings-drawer__ratings-popup">
               <div class="ratings-drawer__rp-question-area" data-test-id="ratings-drawer-ratingspopup-question">
-                {{ drawerScope.editedObject.popup_header_text }}
+                {{ unescapeHtml(drawerScope.editedObject.popup_header_text) }}
               </div>
               <div v-if="drawerScope.editedObject.ratings_texts">
                 <div class="ratings-drawer__rp-ratings-area" v-if="drawerScope.editedObject.rating_symbol==='emojis'">
diff --git a/plugins/star-rating/frontend/public/templates/widgets-table.html b/plugins/star-rating/frontend/public/templates/widgets-table.html
@@ -22,7 +22,7 @@
             <template v-slot="rowScope">
               <div>
                 <div @click="goWidgetDetail(rowScope.row._id)" :data-test-id="'ratings-widgets-data-table-widget-name-' + rowScope.$index" :class="[rowScope.row.hover && 'bu-is-underlined bu-is-clickable color-primary', 'color-dark-blue-100 text-medium']">
-                  {{rowScope.row.popup_header_text}}
+                  {{unescapeHtml(rowScope.row.popup_header_text)}}
                 </div>
                 <div>
                   <span :data-test-id="'ratings-widgets-data-table-widget-id-label-' + rowScope.$index" class="color-cool-gray-40 text-small bu-has-text-weight-semibold"> {{ i18n('feedback.widget-id') }} </span>
