diff --git a/src/components/_classes/component/Component.js b/src/components/_classes/component/Component.js
index c64abaa4eb..1e15ff96ef 100644
--- a/src/components/_classes/component/Component.js
+++ b/src/components/_classes/component/Component.js
@@ -1223,7 +1223,7 @@ export default class Component extends Element {
 placement: 'right',
 zIndex: 10000,
 interactive: true,
- content: this.t(tooltipText, { _userInput: true }),
+ content: this.t(this.sanitize(tooltipText), { _userInput: true }),
 });
 }
 });
diff --git a/src/components/_classes/component/Component.unit.js b/src/components/_classes/component/Component.unit.js
index 7726f1b97c..5b44442ded 100644
--- a/src/components/_classes/component/Component.unit.js
+++ b/src/components/_classes/component/Component.unit.js
@@ -9,6 +9,7 @@ import { comp1 } from './fixtures';
 import _merge from 'lodash/merge';
 import comp3 from './fixtures/comp3';
 import comp4 from './fixtures/comp4';
+import comp5 from './fixtures/comp5';
 describe('Component', () => {
 it('Should create a Component', (done) => {
@@ -356,4 +357,18 @@ describe('Component', () => {
 .catch(done);
 });
 });
+
+ it('Should not execute code inside Tooltips/Description', (done) => {
+ const formElement = document.createElement('div');
+ const form = new Webform(formElement);
+
+ form.setForm(comp5).then(() => {
+ setTimeout(() => {
+ console.log(form.components[0].element);
+ assert.equal(window._ee, undefined, 'Should not execute code inside Tooltips/Description');
+ done();
+ }, 200);
+ })
+ .catch(done);
+ });
 });
diff --git a/src/components/_classes/component/fixtures/comp5.js b/src/components/_classes/component/fixtures/comp5.js
new file mode 100644
index 0000000000..68806c95d7
--- /dev/null
+++ b/src/components/_classes/component/fixtures/comp5.js
@@ -0,0 +1,24 @@
+export default {
+ type: 'form',
+ display: 'form',
+ components: [
+ {
+ label: 'Text Field',
+ description: "",
+ tooltip: "
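Review bot: In the Component.js hunk, `this.sanitize()` runs on `tooltipText` before `this.t()`, so whatever the translation step returns is handed to the tooltip `content` without a further sanitizing pass. If `t()` can substitute a translated string or interpolate values (its body is not visible here), markup could re-enter after sanitization, and a sanitizer that rewrites the text would also change the translation lookup key. Sanitizing the final string is the safer order: `content: this.sanitize(this.t(tooltipText, { _userInput: true })),`. The enclosing method starts and ends outside the hunk, so how `tooltipText` is derived should be confirmed there.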
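Review bot: The new test in Component.unit.js only asserts that `window._ee` is undefined after 200 ms, which also holds if the tooltip or description markup was never rendered into the detached `div`, so it can pass without exercising the sanitizer. Add a positive assertion on the rendered output (for example, that the component element contains no script elements or inline event-handler attributes) and reset the sentinel first with `delete window._ee;` so state left by another test cannot affect the result. The `console.log(form.components[0].element);` line looks like leftover debugging and should be dropped. The test title also covers descriptions, but this diff only changes the tooltip path; presumably descriptions are sanitized elsewhere, which is worth confirming.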