More sanitization

CSETWebNg/src/app/dialogs/component-override/component-override.component.html

@@ -51,7 +51,7 @@
             <th colspan="2">Specific Component Name</th>
           </tr>
           <tr *ngFor="let q of questions; let i = index">
-            <td>{{ utilitiesSvc.removeHtmlTags(q.componentName, true) }}</td>
+            <td>{{ utilitiesSvc.removeHtmlTags(q.componentName) }}</td>
             <td>
               <div class="btn-group btn-group-toggle answer-group" data-toggle="buttons" style="float:right;">
                 <label *ngIf="showThisOption('Y')" class="btn btn-yes form-check-label"

CSETWebNg/src/app/reports/component-question-list/component-question-list.component.ts

@@ -55,7 +55,7 @@ export class ComponentQuestionListComponent implements OnInit, OnChanges {
    */
   ngOnChanges(): void {
     this.data.forEach(x => {
-      x.componentName = this.utilitiesSvc.removeHtmlTags(x.componentName, true);
+      x.componentName = this.utilitiesSvc.removeHtmlTags(x.componentName);
     });
   }
 }

CSETWebNg/src/app/services/utilities.service.ts

@@ -666,15 +666,24 @@ export class Utilities {
     /**
      * 
      */
-    public removeHtmlTags(input: string, replaceWithSpace: boolean): string {
+    public removeHtmlTags(input: string): string {
+
+        // convert <br> tag to space to avoid words smashed together in output
+        input = input.replace(/<br[^>]*>/g, ' ');
+
+        const div = document.createElement('div');
+        div.innerHTML = input;
+        input = div.textContent || div.innerText;
+
+
         // Remove script tags first to prevent potential XSS attacks
         input = input.replace(/<script[^>]*?>.*?<\/script>/gi, '');
 
         // Remove style tags to avoid unwanted formatting
         input = input.replace(/<style[^>]*?>.*?<\/style>/gi, '');
 
         // Remove all other HTML tags and attributes
-        input = input.replace(/<[^>]*>/g, replaceWithSpace ? ' ' : '');
+        input = input.replace(/<[^>]*>/g, '');
 
         return input;
     }