From e14473ffe21ff9081f2b8c89129399e8fe1bfef6 Mon Sep 17 00:00:00 2001
From: Boubaker Khanfir <boubaker.khanfir@exoplatform.com>
Date: Thu, 11 Jan 2024 15:53:57 +0100
Subject: [PATCH] feat: Update HTML Sanitizer to allow data attributes -
 MEED-3117 - Meeds-io/MIPs#109 (#583)

This change will allow to have some data attributes in sanitized html
which will be used in group mentioning.
---
 .../main/java/org/exoplatform/commons/utils/CommonsUtils.java | 2 +-
 .../java/org/exoplatform/commons/utils/HTMLSanitizer.java     | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/commons-component-common/src/main/java/org/exoplatform/commons/utils/CommonsUtils.java b/commons-component-common/src/main/java/org/exoplatform/commons/utils/CommonsUtils.java
index 88dc7335d5..89c010bb4b 100644
--- a/commons-component-common/src/main/java/org/exoplatform/commons/utils/CommonsUtils.java
+++ b/commons-component-common/src/main/java/org/exoplatform/commons/utils/CommonsUtils.java
@@ -204,7 +204,7 @@ public static String getCurrentPortalOwner() {
       return pContext.getPortalOwner();
     } else {
       UserPortalConfigService portalConfig = getService(UserPortalConfigService.class);
-      return portalConfig == null ? null : portalConfig.getDefaultPortal();
+      return portalConfig == null ? null : portalConfig.getMetaPortal();
     }
   }
 
diff --git a/commons-component-common/src/main/java/org/exoplatform/commons/utils/HTMLSanitizer.java b/commons-component-common/src/main/java/org/exoplatform/commons/utils/HTMLSanitizer.java
index 2a927745bf..db5bfa9b13 100644
--- a/commons-component-common/src/main/java/org/exoplatform/commons/utils/HTMLSanitizer.java
+++ b/commons-component-common/src/main/java/org/exoplatform/commons/utils/HTMLSanitizer.java
@@ -137,6 +137,10 @@ abstract public class HTMLSanitizer {
                                                                                                                                 .matching(ONSITE_OR_OFFSITE_URL)
                                                                                                                                 .onElements("a")
                                                                                                                                 .allowStandardUrlProtocols()
+                                                                                                                                .allowAttributes("data-identity-id")
+                                                                                                                                .globally()
+                                                                                                                                .allowAttributes("data-role")
+                                                                                                                                .globally()
                                                                                                                                 .allowAttributes("nohref")
                                                                                                                                 .onElements("a")
                                                                                                                                 .allowAttributes("target")