EVOgeek
/
Vmeda.Online
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MOBILE-2567 user: Sanitize address URLs

main
Dani Palou 2018-08-31 09:41:39 +02:00
parent 7126c44917
commit d3807fd48e
2 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/core/user/pages/about/about.html
View File

@ -31,10 +31,7 @@
</ion-item>
<ion-item text-wrap *ngIf="user.address">
<h2>{{ 'core.user.address' | translate}}</h2>
<p><a *ngIf="isAndroid" href="geo:0,0?q={{user.encodedAddress}}" core-link auto-login="no">
<core-format-text [text]="user.address"></core-format-text>
</a>
<a *ngIf="!isAndroid" href="http://maps.google.com?q={{user.encodedAddress}}" core-link auto-login="no">
<p><a [href]="user.encodedAddress" core-link auto-login="no">
<core-format-text [text]="user.address"></core-format-text>
</a>
</p>

6
src/core/user/pages/about/about.ts
View File

@ -13,6 +13,7 @@
// limitations under the License.
import { Component } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';
import { IonicPage, NavParams, Platform } from 'ionic-angular';
import { CoreUserProvider } from '../../providers/user';
import { CoreUserHelperProvider } from '../../providers/helper';
@ -41,7 +42,7 @@ export class CoreUserAboutPage {
title: string;
constructor(navParams: NavParams, private userProvider: CoreUserProvider, private userHelper: CoreUserHelperProvider,
private domUtils: CoreDomUtilsProvider, private eventsProvider: CoreEventsProvider,
private domUtils: CoreDomUtilsProvider, private eventsProvider: CoreEventsProvider, private sanitizer: DomSanitizer,
private sitesProvider: CoreSitesProvider, private platform: Platform) {
this.userId = navParams.get('userId');
@ -68,7 +69,8 @@ export class CoreUserAboutPage {
if (user.address) {
user.address = this.userHelper.formatAddress(user.address, user.city, user.country);
user.encodedAddress = encodeURIComponent(user.address);
user.encodedAddress = this.sanitizer.bypassSecurityTrustUrl(
(this.isAndroid ? 'geo:0,0?q=' : 'http://maps.google.com?q=') + encodeURIComponent(user.address));
}
this.hasContact = user.email || user.phone1 || user.phone2 || user.city || user.country || user.address;