remove all calls to dangerouslySetInnerHTML

fix brave/brave-browser#11642

Author: diracdeltas

browser/ui/webui/brave_webui_source.cc

@@ -105,24 +105,6 @@ void CustomizeWebUIHTMLSource(const std::string &name,
   };
   AddResourcePaths(source, resources[name]);
 
-  /**
-   * REWARDS
-   */
-  // String used to display not supported region for
-  // uphold wallet connection
-  base::string16 rewards_not_supported_region = l10n_util::GetStringFUTF16(
-      IDS_BRAVE_REWARDS_LOCAL_REDIRECT_MODAL_NOT_ALLOWED,
-      base::ASCIIToUTF16(kRewardsUpholdSupport));
-  source->AddString("redirectModalNotAllowed", rewards_not_supported_region);
-
-  // Strings which have token replacement in them
-  base::string16 brave_welcome_page_privacy_desc = l10n_util::GetStringFUTF16(
-      IDS_BRAVE_WELCOME_PAGE_PRIVACY_DESC,
-      base::ASCIIToUTF16(kP3ALearnMoreURL),
-      base::ASCIIToUTF16(kP3ASettingsLink));
-  source->AddString("privacyDesc",
-                         brave_welcome_page_privacy_desc);
-
   static std::map<std::string, std::vector<WebUISimpleItem> >
                                                            localized_strings = {
     {
@@ -373,7 +355,8 @@ void CustomizeWebUIHTMLSource(const std::string &name,
         { "skipWelcomeTour", IDS_BRAVE_WELCOME_PAGE_SKIP_BUTTON },
         { "next", IDS_BRAVE_WELCOME_PAGE_NEXT_BUTTON },
         { "done", IDS_BRAVE_WELCOME_PAGE_DONE_BUTTON },
-        { "privacyTitle", IDS_BRAVE_WELCOME_PAGE_PRIVACY_TITLE }
+        { "privacyTitle", IDS_BRAVE_WELCOME_PAGE_PRIVACY_TITLE },
+        { "privacyDesc", IDS_BRAVE_WELCOME_PAGE_PRIVACY_DESC }
       }
     }, {
       std::string("rewards"), {
@@ -468,6 +451,7 @@ void CustomizeWebUIHTMLSource(const std::string &name,
         { "redirectModalErrorWallet", IDS_BRAVE_REWARDS_LOCAL_REDIRECT_MODAL_ERROR_WALLET },     // NOLINT
         { "redirectModalBatLimitTitle", IDS_BRAVE_REWARDS_LOCAL_REDIRECT_MODAL_BAT_LIMIT_TITLE },     // NOLINT
         { "redirectModalBatLimitText", IDS_BRAVE_REWARDS_LOCAL_REDIRECT_MODAL_BAT_LIMIT_TEXT },     // NOLINT
+        { "redirectModalNotAllowed", IDS_BRAVE_REWARDS_LOCAL_REDIRECT_MODAL_NOT_ALLOWED},     // NOLINT
 
         { "click",  IDS_BRAVE_REWARDS_LOCAL_ADS_CONFIRMATION_TYPE_CLICK },
         { "dismiss",  IDS_BRAVE_REWARDS_LOCAL_ADS_CONFIRMATION_TYPE_DISMISS },

build/commands/scripts/checkSecurity.js

@@ -5,9 +5,9 @@
 
 const execSync = require('child_process').execSync
 
-// Grep for any usage of innerHTML. TODO: add dangerouslySetInnerHTML.
+// Grep for any usage of innerHTML / document.write.
 // Ping @security-team before changing this.
-const cmd = "git grep --extended-regexp '(innerHTML|document.write)' ':(exclude)*test.cc' ':(exclude)test/*' ':(exclude)*.json' ':(exclude)build/*' ':(exclude)*browsertest*.cc'"
+const cmd = "git grep -i --extended-regexp '(innerHTML|document.write)' ':(exclude)*test.cc' ':(exclude)test/*' ':(exclude)*.json' ':(exclude)build/*' ':(exclude)*browsertest*.cc'"
 
 try {
   const stdout = execSync(cmd)

components/brave_rewards/resources/page/components/pageWallet.tsx

@@ -20,7 +20,7 @@ import { AlertWallet, WalletState } from '../../ui/components/walletWrapper'
 import { Provider } from '../../ui/components/profile'
 import { DetailRow as PendingDetailRow, PendingType } from '../../ui/components/tablePending'
 // Utils
-import { getLocale } from '../../../../common/locale'
+import { getLocale, getLocaleTags } from '../../../../common/locale'
 import * as rewardsActions from '../actions/rewards_actions'
 import * as utils from '../utils'
 import WalletOff from '../../ui/components/walletOff'
@@ -752,7 +752,16 @@ class PageWallet extends React.Component<Props, State> {
 
     // ledger::type::Result::CORRUPTED_DATA
     if (walletRecoveryStatus === 17) {
-      return <span dangerouslySetInnerHTML={{ __html: getLocale('walletRecoveryOutdated') }} />
+      const tags = getLocaleTags('walletRecoveryOutdated')
+      return (
+        <span>
+          {tags.beforeTag}
+          <a href='https://brave.com/faq#convert-old-keys' target='_blank' rel='noopener noreferrer'>
+            {tags.duringTag}
+          </a>
+          {tags.afterTag}
+        </span>
+      )
     }
 
     if (walletRecoveryStatus !== 0) {

components/brave_rewards/resources/page/components/settingsPage.tsx

@@ -223,7 +223,7 @@ class SettingsPage extends React.Component<Props, State> {
       return (
         <ModalRedirect
           id={'redirect-modal-not-allowed'}
-          errorText={{ __html: getLocale('redirectModalNotAllowed') }}
+          errorText={getLocale('redirectModalNotAllowed')}
           titleText={getLocale('redirectModalErrorWallet')}
           buttonText={getLocale('redirectModalClose')}
           onClick={this.actions.hideRedirectModal}
@@ -236,7 +236,7 @@ class SettingsPage extends React.Component<Props, State> {
         <ModalRedirect
           id={'redirect-modal-bat-limit'}
           titleText={getLocale('redirectModalBatLimitTitle')}
-          errorText={{ __html: getLocale('redirectModalBatLimitText') }}
+          errorText={getLocale('redirectModalBatLimitText')}
           buttonText={getLocale('redirectModalClose')}
           onClick={this.actions.hideRedirectModal}
         />
@@ -247,7 +247,7 @@ class SettingsPage extends React.Component<Props, State> {
       return (
         <ModalRedirect
           id={'redirect-modal-error'}
-          errorText={{ __html: getLocale('redirectModalError') }}
+          errorText={getLocale('redirectModalError')}
           buttonText={getLocale('processingRequestButton')}
           titleText={getLocale('processingRequest')}
           onClick={this.onRedirectError}

components/brave_rewards/resources/ui/components/checkout/addFundsPanel/index.tsx

@@ -4,7 +4,7 @@
 
 import * as React from 'react'
 
-import { LocaleContext } from '../localeContext'
+import { LocaleContext, getLocaleTags } from '../localeContext'
 import { DialogTitle } from '../dialogTitle'
 import { FormSection } from '../formSection'
 import { CreditCardForm, CreditCardFormHandle, CreditCardDetails } from '../creditCardForm'
@@ -119,6 +119,8 @@ export function AddFundsPanel (props: AddFundsPanelProps) {
     }
   }
 
+  const tags = getLocaleTags(locale.get('addFundsTermsOfSale'))
+
   return (
     <>
       <DialogTitle>{locale.get('addFundsTitle')}</DialogTitle>
@@ -165,7 +167,11 @@ export function AddFundsPanel (props: AddFundsPanelProps) {
         />
       </PurchaseButtonRow>
       <TermsOfSale>
-        <span dangerouslySetInnerHTML={{ __html: locale.get('addFundsTermsOfSale') }} />
+        <span>
+          {tags.beforeTag}
+          <a href='javascript:void 0'>{tags.duringTag}</a>
+          {tags.afterTag}
+        </span>
       </TermsOfSale>
     </>
   )

components/brave_rewards/resources/ui/components/checkout/enableRewardsPanel/index.tsx

@@ -4,7 +4,7 @@
 
 import * as React from 'react'
 
-import { LocaleContext } from '../localeContext'
+import { LocaleContext, getLocaleTags } from '../localeContext'
 
 import {
   Container,
@@ -22,24 +22,27 @@ interface EnableRewardsPanelProps {
 export function EnableRewardsPanel (props: EnableRewardsPanelProps) {
   const locale = React.useContext(LocaleContext)
   const handleClick = () => { props.onEnableRewards() }
+  const tags = getLocaleTags(locale.get('enableRewardsTerms'))
 
   return (
     <Container>
       <Title>{locale.get('enableRewardsTitle')}</Title>
       <Text>{locale.get('enableRewardsText')}</Text>
-      <LearnMore
-        dangerouslySetInnerHTML={{ __html: locale.get('enableRewardsLearnMore') }}
-      />
+      <LearnMore>
+        <a href='javascript:void 0'>{locale.get('enableRewardsLearnMore')}</a>
+      </LearnMore>
       <EnableRewardsButton
         text={locale.get('enableRewardsButtonText')}
         size='medium'
         onClick={handleClick}
         type='accent'
         brand='rewards'
       />
-      <TermsOfService
-        dangerouslySetInnerHTML={{ __html: locale.get('enableRewardsTerms') }}
-      />
+      <TermsOfService>
+        {tags.beforeTag}
+        <a href='javascript: void 0'>{tags.duringTag}</a>
+        {tags.afterTag}
+      </TermsOfService>
     </Container>
   )
 }

components/brave_rewards/resources/ui/components/checkout/localeContext/index.ts

@@ -13,3 +13,12 @@ export const LocaleContext = React.createContext<LocaleData>({
     return 'MISSING'
   }
 })
+
+export const getLocaleTags = (text: string) => {
+  const actionIndex: number = text.indexOf('$1')
+  const actionEndIndex: number = text.indexOf('$2')
+  const beforeTag = text.substring(0, actionIndex)
+  const duringTag = text.substring(actionIndex + 2, actionEndIndex)
+  const afterTag = text.substring(actionEndIndex + 2)
+  return { beforeTag, duringTag, afterTag }
+}

components/brave_rewards/resources/ui/components/checkout/useCreditCardPanel/index.tsx

@@ -4,7 +4,7 @@
 
 import * as React from 'react'
 
-import { LocaleContext } from '../localeContext'
+import { LocaleContext, getLocaleTags } from '../localeContext'
 import { FormSection } from '../formSection'
 import { CreditCardForm, CreditCardDetails, CreditCardFormHandle } from '../creditCardForm'
 import { GoBackLink } from '../goBackLink'
@@ -31,6 +31,7 @@ interface UseCreditCardPanelProps {
 export function UseCreditCardPanel (props: UseCreditCardPanelProps) {
   const locale = React.useContext(LocaleContext)
   const creditCardFormRef = React.useRef<CreditCardFormHandle>(null)
+  const tags = getLocaleTags(locale.get('confirmTermsOfSale'))
 
   const onConfirmClick = () => {
     const formHandle = creditCardFormRef.current
@@ -83,7 +84,11 @@ export function UseCreditCardPanel (props: UseCreditCardPanelProps) {
           </div>
         </ConfirmButtonRow>
         <TermsOfSale>
-          <span dangerouslySetInnerHTML={{ __html: locale.get('confirmTermsOfSale') }} />
+          <span>
+            {tags.beforeTag}
+            <a href='javascript:void 0'>{tags.duringTag}</a>
+            {tags.afterTag}
+          </span>
         </TermsOfSale>
       </div>
     )

components/brave_rewards/resources/ui/components/checkout/useWalletPanel/index.tsx

@@ -5,7 +5,7 @@
 import * as React from 'react'
 import { PlusIcon } from 'brave-ui/components/icons'
 
-import { LocaleContext, LocaleData } from '../localeContext'
+import { LocaleContext, LocaleData, getLocaleTags } from '../localeContext'
 import { FormSection } from '../formSection'
 
 import {
@@ -72,6 +72,7 @@ export function UseWalletPanel (props: UseWalletPanelProps) {
   }
 
   const locale = React.useContext(LocaleContext)
+  const tags = getLocaleTags(locale.get('payWithBatTermsOfSale'))
 
   return (
     <>
@@ -100,7 +101,11 @@ export function UseWalletPanel (props: UseWalletPanelProps) {
       {
         props.hasSufficientFunds &&
           <TermsOfSale>
-            <span dangerouslySetInnerHTML={{ __html: locale.get('payWithBatTermsOfSale') }} />
+            <span>
+              {tags.beforeTag}
+              <a href='javascript:void 0'>{tags.duringTag}</a>
+              {tags.afterTag}
+            </span>
           </TermsOfSale>
       }
     </>

components/brave_rewards/resources/ui/components/modalBackupRestore/index.tsx

@@ -22,6 +22,7 @@ import {
 } from './style'
 import { TextArea, Modal, Button } from 'brave-ui/components'
 import { getLocale } from 'brave-ui/helpers'
+import { getLocaleTags } from '../../../../../common/locale'
 import { Alert, Tab } from '../'
 import ControlWrapper from 'brave-ui/components/formControls/controlWrapper'
 
@@ -310,13 +311,20 @@ export default class ModalBackupRestore extends React.PureComponent<Props, State
   }
 
   getReset = () => {
+    const tags = getLocaleTags('rewardsResetTextFunds', {
+      amount: this.props.internalFunds.toString()
+    })
     return (
       <>
         <StyledTextWrapper>
           <StyledText data-test-id={'reset-text'}>
             {
               this.props.internalFunds > 0
-              ? <span dangerouslySetInnerHTML={{ __html: getLocale('rewardsResetTextFunds', { amount: this.props.internalFunds }) }} />
+              ? <span>
+                {tags.beforeTag}
+                <b>{tags.duringTag}</b>
+                {tags.afterTag}
+              </span>
               : getLocale('rewardsResetTextNoFunds')
             }
           </StyledText>

components/brave_rewards/resources/ui/components/modalRedirect/index.tsx

@@ -13,12 +13,11 @@ import {
 import Modal from 'brave-ui/components/popupModals/modal/index'
 import { LoaderIcon } from 'brave-ui/components/icons'
 import { Button } from 'brave-ui/components'
+import { splitStringForTag } from '../../../../../common/locale'
 
 export interface Props {
   id?: string
-  errorText?: {
-    __html: string;
-  }
+  errorText?: string
   buttonText?: string
   titleText?: string
   onClick?: () => void
@@ -41,6 +40,10 @@ export default class ModalRedirect extends React.PureComponent<Props, {}> {
 
   render () {
     const { id, errorText, titleText } = this.props
+    let tags = null
+    if (errorText && errorText.includes('$1')) {
+      tags = splitStringForTag(errorText, '$1', '$2')
+    }
 
     return (
       <Modal id={id} displayCloseButton={false}>
@@ -51,7 +54,23 @@ export default class ModalRedirect extends React.PureComponent<Props, {}> {
           {
             errorText
             ? <StyledError>
-              <p dangerouslySetInnerHTML={errorText} />
+              <p>
+              {
+                tags
+                ? <>
+                    {tags.beforeTag}
+                    <a
+                      href='https://uphold.com/en/brave/support'
+                      target='_blank'
+                      rel='noopener noreferrer'
+                    >
+                      {tags.duringTag}
+                    </a>
+                    {tags.afterTag}
+                  </>
+                : errorText
+              }
+              </p>
               {this.getButton()}
             </StyledError>
             : <StyledLoader>

components/brave_rewards/resources/ui/components/modalVerify/index.tsx

@@ -32,6 +32,7 @@ import {
   RewardsCheckIcon
 } from 'brave-ui/components/icons'
 import { Modal } from 'brave-ui/components'
+import { getLocaleTags } from '../../../../../common/locale'
 
 export interface Props {
   onVerifyClick: () => void
@@ -69,14 +70,21 @@ export default class ModalVerify extends React.PureComponent<Props, {}> {
     </>
   )
 
-  getFooter = () => (
-    <StyledFooter>
-      <span dangerouslySetInnerHTML={{ __html: getLocale('walletVerificationFooter') }} />
-      <StyledFooterIcon>
-        <UpholdColorIcon />
-      </StyledFooterIcon>
-    </StyledFooter>
-  )
+  getFooter = () => {
+    const tags = getLocaleTags('walletVerificationFooter')
+    return (
+      <StyledFooter>
+        <span>
+          {tags.beforeTag}
+          <b>{tags.duringTag}</b>
+          {tags.afterTag}
+        </span>
+        <StyledFooterIcon>
+          <UpholdColorIcon />
+        </StyledFooterIcon>
+      </StyledFooter>
+    )
+  }
 
   render () {
     const {