diff --git a/src/components/_classes/component/Component.js b/src/components/_classes/component/Component.js
index c64abaa4eb..1e15ff96ef 100644
--- a/src/components/_classes/component/Component.js
+++ b/src/components/_classes/component/Component.js
@@ -1223,7 +1223,7 @@ export default class Component extends Element {
placement: 'right',
zIndex: 10000,
interactive: true,
- content: this.t(tooltipText, { _userInput: true }),
+ content: this.t(this.sanitize(tooltipText), { _userInput: true }),
});
}
});
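Review bot: On the new `content:` line the sanitizer is applied to the text passed into `this.t`, not to the string that is finally handed to the tooltip, so whatever `this.t` returns reaches the tooltip unsanitized. If a translation resource or interpolation inside `t` can produce markup (not visible in this hunk, so worth confirming), that output bypasses the fix, and sanitizing first can also alter the lookup key so the translation no longer matches. Sanitizing the final value is the safer order: `content: this.sanitize(this.t(tooltipText, { _userInput: true })),`. The enclosing method starts and ends outside the hunk, so other sinks for `tooltipText` or the description could not be checked here.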
diff --git a/src/components/_classes/component/Component.unit.js b/src/components/_classes/component/Component.unit.js
index 7726f1b97c..5b44442ded 100644
--- a/src/components/_classes/component/Component.unit.js
+++ b/src/components/_classes/component/Component.unit.js
@@ -9,6 +9,7 @@ import { comp1 } from './fixtures';
import _merge from 'lodash/merge';
import comp3 from './fixtures/comp3';
import comp4 from './fixtures/comp4';
+import comp5 from './fixtures/comp5';
describe('Component', () => {
it('Should create a Component', (done) => {
@@ -356,4 +357,18 @@ describe('Component', () => {
.catch(done);
});
});
+
+ it('Should not execute code inside Tooltips/Description', (done) => {
+ const formElement = document.createElement('div');
+ const form = new Webform(formElement);
+
+ form.setForm(comp5).then(() => {
+ setTimeout(() => {
+ console.log(form.components[0].element);
+ assert.equal(window._ee, undefined, 'Should not execute code inside Tooltips/Description');
+ done();
+ }, 200);
+ })
+ .catch(done);
+ });
});
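Review bot: The new test can pass without proving the fix: it only checks `window._ee` after a fixed 200 ms, never clears that global beforehand, and never asserts on the rendered markup, so a tooltip that is simply not instantiated in the test DOM would also leave `_ee` undefined. Add `delete window._ee;` before `form.setForm(comp5)` and also assert on the output, for example that `form.components[0].element` contains no `script` element or inline event-handler attribute. The leftover `console.log(form.components[0].element);` should be removed. The title names Tooltips/Description, but the only code change visible in this commit is on the tooltip path, so a separate assertion for the description would show whether it is covered.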
diff --git a/src/components/_classes/component/fixtures/comp5.js b/src/components/_classes/component/fixtures/comp5.js
new file mode 100644
index 0000000000..68806c95d7
--- /dev/null
+++ b/src/components/_classes/component/fixtures/comp5.js
@@ -0,0 +1,24 @@
+export default {
+ type: 'form',
+ display: 'form',
+ components: [
+ {
+ label: 'Text Field',
+ description: "",
+ tooltip: "