From 75a11b88c7e3fe163dc8ff8da0bf7d966eb9a8bc Mon Sep 17 00:00:00 2001
From: gnbm <goncalo.martins@outsystems.com>
Date: Tue, 20 Aug 2024 10:19:32 +0100
Subject: [PATCH 1/6] Added sanitizeInputValues configurations

---
 src/OSFramework/DataGrid/Configuration/Grid/FlexGridConfig.ts | 1 +
 src/OSFramework/DataGrid/Configuration/IConfigurationGrid.ts  | 4 ++++
 src/OutSystems/GridAPI/GridManager.ts                         | 1 +
 3 files changed, 6 insertions(+)

diff --git a/src/OSFramework/DataGrid/Configuration/Grid/FlexGridConfig.ts b/src/OSFramework/DataGrid/Configuration/Grid/FlexGridConfig.ts
index d259d433..441a8769 100644
--- a/src/OSFramework/DataGrid/Configuration/Grid/FlexGridConfig.ts
+++ b/src/OSFramework/DataGrid/Configuration/Grid/FlexGridConfig.ts
@@ -19,6 +19,7 @@ namespace OSFramework.DataGrid.Configuration.Grid {
 		public rowHeader: Enum.RowHeader;
 		public rowHeight: number;
 		public rowsPerPage: number;
+		public sanitizeInputValues: boolean;
 		public selectionMode: number;
 		public serverSidePagination: boolean;
 		public showAggregateValues: boolean;
diff --git a/src/OSFramework/DataGrid/Configuration/IConfigurationGrid.ts b/src/OSFramework/DataGrid/Configuration/IConfigurationGrid.ts
index 8c4d400d..8b580fe6 100644
--- a/src/OSFramework/DataGrid/Configuration/IConfigurationGrid.ts
+++ b/src/OSFramework/DataGrid/Configuration/IConfigurationGrid.ts
@@ -22,6 +22,10 @@ namespace OSFramework.DataGrid.Configuration {
         */
 		keyBinding: string;
 		/**
+		 * Indicates if the grid should sanitize the input values or not
+		 */
+		sanitizeInputValues: boolean;
+		/**
          Indicates if the grid is in server side pagination mode
         */
 		serverSidePagination: boolean;
diff --git a/src/OutSystems/GridAPI/GridManager.ts b/src/OutSystems/GridAPI/GridManager.ts
index 27f8b509..35db0237 100644
--- a/src/OutSystems/GridAPI/GridManager.ts
+++ b/src/OutSystems/GridAPI/GridManager.ts
@@ -15,6 +15,7 @@ namespace OutSystems.GridAPI.GridManager {
 			let output = false;
 			if (grid !== undefined) {
 				if (grid.isReady && data !== '' && data !== '{}') {
+					if (grid.config.sanitizeInputValues) data = OSFramework.DataGrid.Helper.Sanitize(data);
 					grid.setData(data);
 				}
 				output = true;

From 2bf72dceb36e8d3924433f8f7a3e2920951f63e9 Mon Sep 17 00:00:00 2001
From: gnbm <goncalo.martins@outsystems.com>
Date: Tue, 20 Aug 2024 10:36:00 +0100
Subject: [PATCH 2/6] Update GridManager.ts

---
 src/OutSystems/GridAPI/GridManager.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/OutSystems/GridAPI/GridManager.ts b/src/OutSystems/GridAPI/GridManager.ts
index 35db0237..5084aeee 100644
--- a/src/OutSystems/GridAPI/GridManager.ts
+++ b/src/OutSystems/GridAPI/GridManager.ts
@@ -15,6 +15,7 @@ namespace OutSystems.GridAPI.GridManager {
 			let output = false;
 			if (grid !== undefined) {
 				if (grid.isReady && data !== '' && data !== '{}') {
+					// When the configurantion is set to sanitize the input values, we need to sanitize the data before setting it
 					if (grid.config.sanitizeInputValues) data = OSFramework.DataGrid.Helper.Sanitize(data);
 					grid.setData(data);
 				}

From e8da103890d98eac16475080674e5144f9c65c6c Mon Sep 17 00:00:00 2001
From: gnbm <goncalo.martins@outsystems.com>
Date: Tue, 20 Aug 2024 13:20:00 +0100
Subject: [PATCH 3/6] Added curly brackets

---
 src/OutSystems/GridAPI/GridManager.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/OutSystems/GridAPI/GridManager.ts b/src/OutSystems/GridAPI/GridManager.ts
index 5084aeee..e12d00e5 100644
--- a/src/OutSystems/GridAPI/GridManager.ts
+++ b/src/OutSystems/GridAPI/GridManager.ts
@@ -16,7 +16,9 @@ namespace OutSystems.GridAPI.GridManager {
 			if (grid !== undefined) {
 				if (grid.isReady && data !== '' && data !== '{}') {
 					// When the configurantion is set to sanitize the input values, we need to sanitize the data before setting it
-					if (grid.config.sanitizeInputValues) data = OSFramework.DataGrid.Helper.Sanitize(data);
+					if (grid.config.sanitizeInputValues) {
+						data = OSFramework.DataGrid.Helper.Sanitize(data);
+					}
 					grid.setData(data);
 				}
 				output = true;

From 9f4d720283dce88689b9f60e21b7900c81437d40 Mon Sep 17 00:00:00 2001
From: gnbm <goncalo.martins@outsystems.com>
Date: Wed, 21 Aug 2024 00:18:56 +0100
Subject: [PATCH 4/6] Added logic to sanitize Image and Action columns

---
 src/Providers/DataGrid/Wijmo/Columns/ActionColumn.ts |  3 ++-
 src/Providers/DataGrid/Wijmo/Columns/ImageColumn.ts  |  4 +++-
 .../DataGrid/Wijmo/Helper/CellTemplateFactory.ts     | 12 ++++++++++--
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/Providers/DataGrid/Wijmo/Columns/ActionColumn.ts b/src/Providers/DataGrid/Wijmo/Columns/ActionColumn.ts
index ef005abb..614c06fc 100644
--- a/src/Providers/DataGrid/Wijmo/Columns/ActionColumn.ts
+++ b/src/Providers/DataGrid/Wijmo/Columns/ActionColumn.ts
@@ -37,7 +37,8 @@ namespace Providers.DataGrid.Wijmo.Column {
 				config.binding,
 				this.handleActionEvent.bind(this),
 				undefined,
-				this.config.externalURL
+				this.config.externalURL,
+				this.grid.config.sanitizeInputValues
 			);
 
 			return config;
diff --git a/src/Providers/DataGrid/Wijmo/Columns/ImageColumn.ts b/src/Providers/DataGrid/Wijmo/Columns/ImageColumn.ts
index e67b1162..bb4b1378 100644
--- a/src/Providers/DataGrid/Wijmo/Columns/ImageColumn.ts
+++ b/src/Providers/DataGrid/Wijmo/Columns/ImageColumn.ts
@@ -36,7 +36,9 @@ namespace Providers.DataGrid.Wijmo.Column {
 				this.config.actionColumnElementType,
 				config.binding,
 				this.handleActionEvent.bind(this),
-				this.config.altText
+				this.config.altText,
+				undefined /* externalURL */,
+				this.grid.config.sanitizeInputValues
 			);
 
 			return config;
diff --git a/src/Providers/DataGrid/Wijmo/Helper/CellTemplateFactory.ts b/src/Providers/DataGrid/Wijmo/Helper/CellTemplateFactory.ts
index fe7b01cc..5448a7c8 100644
--- a/src/Providers/DataGrid/Wijmo/Helper/CellTemplateFactory.ts
+++ b/src/Providers/DataGrid/Wijmo/Helper/CellTemplateFactory.ts
@@ -11,7 +11,8 @@ namespace Providers.DataGrid.Wijmo.Helper.CellTemplateFactory {
 		binding: string,
 		callback: (item) => void,
 		altText?: string,
-		externalURL?: string
+		externalURL?: string,
+		sanitizeInputValues?: boolean
 	): wijmo.grid.ICellTemplateFunction {
 		let cellTemplate: wijmo.grid.ICellTemplateFunction;
 
@@ -19,11 +20,18 @@ namespace Providers.DataGrid.Wijmo.Helper.CellTemplateFactory {
 		const hasExternalURL = externalURL?.toLocaleLowerCase().startsWith('http');
 
 		const url = hasExternalURL ? externalURL : '${item.' + externalURL + '}';
-		const text = hasFixedText ? binding.substring(1) : undefined;
+		let text = hasFixedText ? binding.substring(1) : undefined;
+
+		// Sanitize the text if the configuration is set to do so
+		if (text !== undefined) {
+			text = sanitizeInputValues ? OSFramework.DataGrid.Helper.Sanitize(text) : text;
+		}
 
 		let imgAltText = '';
 		if (altText !== undefined) {
 			const hasFixedAltText = altText.startsWith('$');
+			// Sanitize the alternative text if the configuration is set to do so
+			altText = sanitizeInputValues ? OSFramework.DataGrid.Helper.Sanitize(altText) : altText;
 			imgAltText = hasFixedAltText ? altText.substring(1) : '${item.' + altText + '}';
 		}
 

From bc0fe852310f88dafcedae8a839721ce1052fab2 Mon Sep 17 00:00:00 2001
From: gnbm <goncalo.martins@outsystems.com>
Date: Wed, 21 Aug 2024 13:44:17 +0100
Subject: [PATCH 5/6] Added logic to sanitize Context Menu items

---
 src/Providers/DataGrid/Wijmo/Features/ContextMenu.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Providers/DataGrid/Wijmo/Features/ContextMenu.ts b/src/Providers/DataGrid/Wijmo/Features/ContextMenu.ts
index f037b727..0d2c5c91 100644
--- a/src/Providers/DataGrid/Wijmo/Features/ContextMenu.ts
+++ b/src/Providers/DataGrid/Wijmo/Features/ContextMenu.ts
@@ -313,8 +313,8 @@ namespace Providers.DataGrid.Wijmo.Feature {
 			executeCommand: OSFramework.DataGrid.Callbacks.ContextMenu.OSClickEvent
 		): void {
 			const menuItem = new OSFramework.DataGrid.Feature.Auxiliar.MenuItem(menuItemId);
-
-			menuItem.label = label;
+			// Sanitize the label if the configuration is set to do so
+			menuItem.label = this.grid.config.sanitizeInputValues ? OSFramework.DataGrid.Helper.Sanitize(label) : label;
 			menuItem.enabled = enabled;
 			menuItem.clickEvent = executeCommand;
 

From 1156f28879f7812faf8ad75f1b1a2b40e367c1a8 Mon Sep 17 00:00:00 2001
From: gnbm <goncalo.martins@outsystems.com>
Date: Wed, 21 Aug 2024 16:22:26 +0100
Subject: [PATCH 6/6] Update ContextMenu.ts

---
 src/Providers/DataGrid/Wijmo/Features/ContextMenu.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/Providers/DataGrid/Wijmo/Features/ContextMenu.ts b/src/Providers/DataGrid/Wijmo/Features/ContextMenu.ts
index 0d2c5c91..37dd84ef 100644
--- a/src/Providers/DataGrid/Wijmo/Features/ContextMenu.ts
+++ b/src/Providers/DataGrid/Wijmo/Features/ContextMenu.ts
@@ -339,7 +339,12 @@ namespace Providers.DataGrid.Wijmo.Feature {
 			const menuItem = this._menuItems.get(menuItemId);
 			if (menuItem) {
 				if (menuItem.hasOwnProperty(propertyName)) {
-					menuItem[propertyName] = propertyValue;
+					if (propertyName === 'label' && this.grid.config.sanitizeInputValues) {
+						// Sanitize the label if the configuration is set to do so
+						menuItem.label = OSFramework.DataGrid.Helper.Sanitize(propertyValue as string);
+					} else {
+						menuItem[propertyName] = propertyValue;
+					}
 				} else {
 					console.error(`MenuItem "${menuItem.label}" has no property "${propertyName}" defined.`);
 				}