This PR was originally reverted due to stopping interpolation from working properly (https://github.com/formio/formio.js/pull/5418), but it seems that with the sanitizer upgrade the issue was resolved and the sanitizer now does not touch code inside {{}}. I added a test to confirm that.
We can't interpolate first and sanitize after that because for the HTML component we use the translateHTMLtemplate function, which creates a div with the HTML component's content to translate its text nodes, so if it's not sanitized, all the code will be executed at that stage.
Dependencies
This PR depends on the following PRs from other Form.io modules: ...
How has this PR been tested?
Automated tests added both for the issue itself and for the interpolation
Checklist:
[ ] I have commented my code, particularly in hard-to-understand areas
[ ] I have made corresponding changes to the documentation (if applicable)
[ ] My changes generate no new warnings
[ ] My changes include tests that prove my fix is effective (or that my feature works as intended)
[ ] New and existing unit/integration tests pass locally with my changes
[ ] Any dependent changes have corresponding PRs that are listed above
Link to Jira Ticket
https://formio.atlassian.net/browse/FIO-7544