From 91b34ffd57dd86787e3aa3c2bc1c5207328f59a5 Mon Sep 17 00:00:00 2001
From: Rahul Shinde <shinde.r.a@gmail.com>
Date: Thu, 21 Nov 2024 18:57:19 +0530
Subject: [PATCH] Chaining purify method to ensure safe rendering of
 translation keys (#14270)

* Chaining purify method to ensure safe rendering of translation keys

* Updated report and chart templates to work as expected.

* Corrected changes

* Reverted Installer check template
---
 .../views/SubscribedEvents/Timeline/index.html.twig         | 4 ++--
 .../CoreBundle/Resources/views/Helper/chart.html.twig       | 2 +-
 .../Resources/views/Config/form.html.twig                   | 6 +++---
 .../LeadBundle/Resources/views/Timeline/_list.html.twig     | 2 +-
 .../views/SubscribedEvents/Dashboard/widget.html.twig       | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/app/bundles/CampaignBundle/Resources/views/SubscribedEvents/Timeline/index.html.twig b/app/bundles/CampaignBundle/Resources/views/SubscribedEvents/Timeline/index.html.twig
index 01fc425f276..03fb4c2ea4b 100644
--- a/app/bundles/CampaignBundle/Resources/views/SubscribedEvents/Timeline/index.html.twig
+++ b/app/bundles/CampaignBundle/Resources/views/SubscribedEvents/Timeline/index.html.twig
@@ -60,10 +60,10 @@
     {% endif %}
 
     {% if (item.campaign_description) %}
-        <p class="mt-0 mb-10">{{ 'mautic.campaign.campaign.description'|trans({'%description%' : item.campaign_description}) }}</p>
+        <p class="mt-0 mb-10">{{ 'mautic.campaign.campaign.description'|trans({'%description%' : item.campaign_description})|purify }}</p>
     {% endif %}
     {% if (item.event_description) %}
-        <p class="mt-0 mb-10">{{ 'mautic.campaign.campaign.description'|trans({'%description%' : item.event_description}) }}</p>
+        <p class="mt-0 mb-10">{{ 'mautic.campaign.campaign.description'|trans({'%description%' : item.event_description})|purify }}</p>
     {% endif %}
 {% endif %}
 </div>
diff --git a/app/bundles/CoreBundle/Resources/views/Helper/chart.html.twig b/app/bundles/CoreBundle/Resources/views/Helper/chart.html.twig
index b81cea78efa..4e72bc98ced 100644
--- a/app/bundles/CoreBundle/Resources/views/Helper/chart.html.twig
+++ b/app/bundles/CoreBundle/Resources/views/Helper/chart.html.twig
@@ -1,4 +1,4 @@
-{% if chartType is defined and chartData is defined %}
+{% if chartType is defined and chartData is defined and chartData.datasets is defined %}
     {% set dataValues = chartData.datasets[0].data %}
     {% if dataValues|reduce((carry, v) => carry + v) > 0 %}
         <div class="chart-wrapper">
diff --git a/app/bundles/IntegrationsBundle/Resources/views/Config/form.html.twig b/app/bundles/IntegrationsBundle/Resources/views/Config/form.html.twig
index 07879e36fe2..e98e4396ee4 100644
--- a/app/bundles/IntegrationsBundle/Resources/views/Config/form.html.twig
+++ b/app/bundles/IntegrationsBundle/Resources/views/Config/form.html.twig
@@ -50,7 +50,7 @@
     <div class="tab-pane fade{% if 'details-container' == activeTab %} in active{% endif %} bdr-w-0" id="details-container">
         {% if useConfigFormNotes and integrationObject.getAuthorizationNote() is instanceof('\\Mautic\\IntegrationsBundle\\DTO\\Note') %}
             <div class="alert alert-{{ integrationObject.getAuthorizationNote().getType() }}">
-                {{ integrationObject.getAuthorizationNote().getNote()|trans  }}
+                {{ integrationObject.getAuthorizationNote().getNote()|trans|purify  }}
             </div>
         {% endif %}
         {{ form_row(form.isPublished) }}
@@ -96,7 +96,7 @@
     <div class="tab-pane fade{% if 'features-container' == activeTab %} in active{% endif %} bdr-w-0" id="features-container">
         {% if useConfigFormNotes and integrationObject.getFeaturesNote() is instanceof('\\Mautic\\IntegrationsBundle\\DTO\\Note') %}
             <div class="alert alert-{{ integrationObject.getFeaturesNote().getType() }}">
-                {{ integrationObject.getFeaturesNote().getNote()|trans  }}
+                {{ integrationObject.getFeaturesNote().getNote()|trans|purify  }}
             </div>
         {% endif %}
 
@@ -136,7 +136,7 @@
 
         {% if useConfigFormNotes and integrationObject.getFieldMappingNote() is instanceof('\\Mautic\\IntegrationsBundle\\DTO\\Note') %}
             <div class="alert alert-{{ integrationObject.getFieldMappingNote().getType() }}">
-                {{ integrationObject.getFieldMappingNote().getNote()|trans  }}
+                {{ integrationObject.getFieldMappingNote().getNote()|trans|purify  }}
             </div>
         {% endif %}
 
diff --git a/app/bundles/LeadBundle/Resources/views/Timeline/_list.html.twig b/app/bundles/LeadBundle/Resources/views/Timeline/_list.html.twig
index 36a7c962c26..69a5ef77345 100644
--- a/app/bundles/LeadBundle/Resources/views/Timeline/_list.html.twig
+++ b/app/bundles/LeadBundle/Resources/views/Timeline/_list.html.twig
@@ -43,7 +43,7 @@
             {% if eventLabel is iterable %}
                 {% set eventLabel %}
                   <a href="{{ eventLabel.href }}" {% if eventLabel.isExternal is not defined %}data-toggle="ajax"{% else %}target="_new"{% endif %}>
-                    {{- eventLabel.label -}}
+                    {{- eventLabel.label|purify -}}
                   </a>
                 {% endset %}
             {% endif %}
diff --git a/app/bundles/ReportBundle/Resources/views/SubscribedEvents/Dashboard/widget.html.twig b/app/bundles/ReportBundle/Resources/views/SubscribedEvents/Dashboard/widget.html.twig
index 36e2b119b21..32028cfaab3 100644
--- a/app/bundles/ReportBundle/Resources/views/SubscribedEvents/Dashboard/widget.html.twig
+++ b/app/bundles/ReportBundle/Resources/views/SubscribedEvents/Dashboard/widget.html.twig
@@ -25,7 +25,7 @@
     <div class="clearfix"></div>
 {% else %}
     <div class="ml-20 mr-20 mt-lg px-2 alert alert-danger" role="alert">
-        <a href="#" class="alert-link"><i class="ri-alert-line" aria-hidden="true"></i> {{ 'mautic.report.dashboard.widgets.no_report_found'|trans }}</a>
+        <a href="#" class="alert-link"><i class="ri-alert-line" aria-hidden="true"></i> {{ 'mautic.report.dashboard.widgets.no_report_found'|trans|purify }}</a>
     </div>
     <div class="clearfix"></div>
 {% endif %}