XSS changes for ratings

Author: abhisheksingla02

plugins/star-rating/frontend/public/javascripts/countly.views.js

@@ -182,6 +182,7 @@
 
     // these table components should be 3 different components
     var CommentsTable = countlyVue.views.create({
+        mixins: [countlyVue.mixins.commonFormatters],
         template: CV.T("/star-rating/templates/comments-table.html"),
         props: {
             comments: Array,
@@ -821,7 +822,8 @@
         },
         mixins: [
             countlyVue.mixins.hasDrawers("widget"),
-            countlyVue.mixins.auth(FEATURE_NAME)
+            countlyVue.mixins.auth(FEATURE_NAME),
+            countlyVue.mixins.commonFormatters
         ],
         data: function() {
             return {
@@ -1177,6 +1179,7 @@
     });
 
     var UserFeedbackRatingsTable = countlyVue.views.create({
+        mixins: [countlyVue.mixins.commonFormatters],
         template: CV.T('/star-rating/templates/users-feedback-ratings-table.html'),
         props: {
             ratings: {

plugins/star-rating/frontend/public/templates/comments-table.html

@@ -18,7 +18,7 @@
       </el-table-column>
       <el-table-column sortable="true" prop="cd" :label="i18n('feedback.time')" min-width="120">
         <template v-slot="rowScope">
-            <span class="text-medium" :data-test-id="'ratings-comment-table-time-row-' + rowScope.$index" v-html="rowScope.row.cd"></span>
+            <span class="text-medium" :data-test-id="'ratings-comment-table-time-row-' + rowScope.$index">{{unescapeHtml(rowScope.row.cd)}}</span>
         </template>
       </el-table-column>
       <el-table-column prop="email" :label="i18n('feedback.email')" min-width="200">

plugins/star-rating/frontend/public/templates/users-feedback-ratings-table.html

@@ -16,7 +16,7 @@
         </el-table-column>
         <el-table-column prop="time" column-key="ts" :label="i18n('feedback.time')">
           <template v-slot="rowScope">
-              <span v-html="rowScope.row.ts" class="text-medium"></span>
+            <span class="text-medium">{{unescapeHtml(rowScope.row.ts)}}</span>
           </template>
         </el-table-column>
     </cly-datatable-n>

plugins/star-rating/frontend/public/templates/widget-detail.html

@@ -7,7 +7,7 @@
           <span data-test-id="ratings-detail-back-link-label">{{ i18n('feedback.back-to-rating-widgets') }}</span>
         </div>
         <div class="ratings-widget-detail-view__widget-name">
-          <h3 v-html="widget.popup_header_text" class="ratings-widget-detail-view__widget-name" data-test-id="ratings-detail-widget-name-label"></h3>
+          <h3 class="ratings-widget-detail-view__widget-name" data-test-id="ratings-detail-widget-name-label">{{unescapeHtml(widget.popup_header_text)}}</h3>
         </div>
         <div class="ratings-widget-detail-view__widget-informations bu-mt-4">
           <div :class="[widget.status && 'ratings-widget-detail-view__widget-status-active', !widget.status && 'ratings-widget-detail-view__widget-status-disabled', 'bu-has-text-weight-semibold text-small bu-mt-1']">
@@ -16,7 +16,7 @@ <h3 v-html="widget.popup_header_text" class="ratings-widget-detail-view__widget-
           </div>
           <div class="ratings-widget-detail-view__created-at text-medium bu-p-1 bu-ml-2"> <i class="ion-android-time" data-test-id="ratings-detail-created-at-icon"></i> 
             <span data-test-id="ratings-detail-created-at-label">{{ i18n('feedback.created-at') }}</span>
-            <span data-test-id="ratings-detail-created-at-value" v-html="widget.created_at"></span></div>
+            <span data-test-id="ratings-detail-created-at-value">{{unescapeHtml(widget.created_at)}}</span></div>
           <div class="ratings-widget-detail-view__widget-id text-medium bu-p-1 bu-ml-2">
             <i data-test-id="ratings-detail-price-tag-icon" class="ion-pricetag"></i>
             <span data-test-id="ratings-detail-widget-id-label" class="ratings-widget-detail-view__widget-id">{{ i18n('feedback.widget-id') }} </span>