From 68e24a597328d178af4b96f49d235d183be8990c Mon Sep 17 00:00:00 2001
From: ogerly <fridolin@tutanota.com>
Date: Wed, 5 Oct 2022 08:19:11 +0200
Subject: [PATCH] strip html from text

---
 .../ContributionMessages/ContributionMessagesFormular.vue       | 2 +-
 .../ContributionMessages/ContributionMessagesFormular.vue       | 2 +-
 frontend/src/components/Contributions/ContributionForm.vue      | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/admin/src/components/ContributionMessages/ContributionMessagesFormular.vue b/admin/src/components/ContributionMessages/ContributionMessagesFormular.vue
index c9c285eef..695ae5109 100644
--- a/admin/src/components/ContributionMessages/ContributionMessagesFormular.vue
+++ b/admin/src/components/ContributionMessages/ContributionMessagesFormular.vue
@@ -47,7 +47,7 @@ export default {
           mutation: adminCreateContributionMessage,
           variables: {
             contributionId: this.contributionId,
-            message: this.form.text,
+            message: this.form.text.replace(/(<([^>]+)>)/gi, ''),
           },
         })
         .then((result) => {
diff --git a/frontend/src/components/ContributionMessages/ContributionMessagesFormular.vue b/frontend/src/components/ContributionMessages/ContributionMessagesFormular.vue
index 1a5928cc3..c2af2a04f 100644
--- a/frontend/src/components/ContributionMessages/ContributionMessagesFormular.vue
+++ b/frontend/src/components/ContributionMessages/ContributionMessagesFormular.vue
@@ -47,7 +47,7 @@ export default {
           mutation: createContributionMessage,
           variables: {
             contributionId: this.contributionId,
-            message: this.form.text,
+            message: this.form.text.replace(/(<([^>]+)>)/gi, ''),
           },
         })
         .then((result) => {
diff --git a/frontend/src/components/Contributions/ContributionForm.vue b/frontend/src/components/Contributions/ContributionForm.vue
index 47f2be4c4..ea170a5d6 100644
--- a/frontend/src/components/Contributions/ContributionForm.vue
+++ b/frontend/src/components/Contributions/ContributionForm.vue
@@ -108,6 +108,7 @@ export default {
     submit() {
       this.form.amount = this.numberFormat(this.form.amount)
       // spreading is needed for testing
+      this.form.memo = this.form.memo.replace(/(<([^>]+)>)/gi, '')
       this.$emit(this.form.id ? 'update-contribution' : 'set-contribution', { ...this.form })
       this.reset()
     },