Added safe pipe to fix angular xss warnings

Author: AXeL-dev

projects/demo/src/app/app.module.ts

@@ -11,7 +11,8 @@ import en from '@angular/common/locales/en';
 registerLocaleData(en);
 
 import { AppComponent } from './app.component';
-import { NgxDiff2htmlModule } from 'ngx-diff2html';
+//import { NgxDiff2htmlModule } from 'ngx-diff2html';
+import { NgxDiff2htmlModule } from 'projects/ngx-diff2html/src/public-api';
 
 @NgModule({
   declarations: [

projects/ngx-diff2html/src/lib/ngx-diff2html.component.ts

@@ -5,7 +5,7 @@ import { DiffFormat, DiffStyle } from './ngx-diff2html.model';
 @Component({
   selector: 'ngx-diff2html',
   template: `
-    <div [innerHtml]="diffHTML"></div>
+    <div [innerHtml]="diffHTML | safe:'html'"></div>
   `,
   styles: []
 })

projects/ngx-diff2html/src/lib/ngx-diff2html.module.ts

@@ -1,11 +1,13 @@
 import { NgModule } from '@angular/core';
 import { NgxDiff2htmlComponent } from './ngx-diff2html.component';
+import { SafePipe } from '../pipes/safe.pipe';
 
 
 
 @NgModule({
   declarations: [
-    NgxDiff2htmlComponent
+    NgxDiff2htmlComponent,
+    SafePipe
   ],
   imports: [
   ],

projects/ngx-diff2html/src/pipes/safe.pipe.ts

@@ -0,0 +1,32 @@
+/**
+ * Stolen from: https://github.com/embarq/safe-pipe/blob/master/projects/safe-pipe/src/lib/safe-pipe.pipe.ts
+ */
+import { Pipe, PipeTransform } from '@angular/core';
+import { DomSanitizer, SafeStyle, SafeResourceUrl, SafeScript, SafeHtml, SafeUrl } from '@angular/platform-browser';
+
+export type SafePipeType = 'html' | 'style' | 'script' | 'url' | 'resourceUrl';
+
+@Pipe({
+  name: 'safe',
+  pure: true
+})
+export class SafePipe implements PipeTransform {
+  constructor(protected sanitizer: DomSanitizer) { }
+
+  public transform(value: string, type: SafePipeType): SafeHtml | SafeStyle | SafeScript | SafeUrl | SafeResourceUrl {
+    switch (type) {
+      case 'html':
+        return this.sanitizer.bypassSecurityTrustHtml(value);
+      case 'style':
+        return this.sanitizer.bypassSecurityTrustStyle(value);
+      case 'script':
+        return this.sanitizer.bypassSecurityTrustScript(value);
+      case 'url':
+        return this.sanitizer.bypassSecurityTrustUrl(value);
+      case 'resourceUrl':
+        return this.sanitizer.bypassSecurityTrustResourceUrl(value);
+      default:
+        throw new Error(`SafePipe unable to bypass security for invalid type: ${type}`);
+    }
+  }
+}