open-condo-software
diff --git a/‎apps/condo/domains/common/components/HtmlContent.tsx‎
Lines changed: 24 additions & 6 deletions b/‎apps/condo/domains/common/components/HtmlContent.tsx‎
Lines changed: 24 additions & 6 deletions
diff --git a/‎apps/condo/domains/common/utils/xss.js‎
Lines changed: 21 additions & 0 deletions b/‎apps/condo/domains/common/utils/xss.js‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎apps/condo/domains/common/utils/xss.spec.js‎
Lines changed: 33 additions & 0 deletions b/‎apps/condo/domains/common/utils/xss.spec.js‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎apps/condo/domains/property/components/UnitInfo.tsx‎
Lines changed: 4 additions & 3 deletions b/‎apps/condo/domains/property/components/UnitInfo.tsx‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎apps/condo/domains/property/schema/Property.js‎
Lines changed: 9 additions & 8 deletions b/‎apps/condo/domains/property/schema/Property.js‎
Lines changed: 9 additions & 8 deletions
diff --git a/‎apps/condo/domains/ticket/components/BaseTicketForm/index.tsx‎
Lines changed: 7 additions & 5 deletions b/‎apps/condo/domains/ticket/components/BaseTicketForm/index.tsx‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎apps/condo/domains/ticket/components/TicketPropertyHint/BaseTicketPropertyHintForm.tsx‎
Lines changed: 41 additions & 11 deletions b/‎apps/condo/domains/ticket/components/TicketPropertyHint/BaseTicketPropertyHintForm.tsx‎
Lines changed: 41 additions & 11 deletions
diff --git a/‎apps/condo/domains/ticket/components/TicketPropertyHint/CreateTicketPropertyHintForm.tsx‎
Lines changed: 1 addition & 6 deletions b/‎apps/condo/domains/ticket/components/TicketPropertyHint/CreateTicketPropertyHintForm.tsx‎
Lines changed: 1 addition & 6 deletions
@@ -1,22 +1,40 @@
+import styled from '@emotion/styled'
 import React, { CSSProperties, useMemo } from 'react'
-import xss from 'xss'
+import { sanitizeXss } from '@condo/domains/common/utils/xss'
+import { colors } from '@condo/domains/common/constants/style'
 
-type HtmlContentProps = {
+export type HtmlContentProps = {
     html: string
     style?: CSSProperties
     className?: string
+    css?
 }
 
-export const HtmlContent: React.FC<HtmlContentProps> = ({ html, style, className }) => {
+const StyledDiv = styled.div`
+  overflow: hidden;
+  word-break: break-word;
+  
+  p {
+    margin: 0;
+  }
+
+  a {
+    color: ${colors.black};
+    text-decoration: underline;
+  }
+`
+
+export const HtmlContent = React.forwardRef<HTMLDivElement, HtmlContentProps>(({ html, style, className }, ref) => {
     const htmlContent = useMemo(() => ({
-        __html: xss(html),
+        __html: sanitizeXss(html),
     }), [html])
 
     return (
-        <div
+        <StyledDiv
+            ref={ref}
             className={className}
             dangerouslySetInnerHTML={htmlContent}
             style={style}
         />
     )
-}
+})
@@ -0,0 +1,21 @@
+const _xss = require('xss')
+
+const whiteList = _xss.getDefaultWhiteList()
+whiteList.p.push('style')
+whiteList.span.push('style')
+whiteList.li.push('style')
+whiteList.a.push('style')
+
+const xss = new _xss.FilterXSS({
+    whiteList,
+    css: {
+        whiteList: {
+            'text-align': true,
+            'background-color': true,
+        },
+    },
+})
+
+const sanitizeXss = (html) => xss.process(html)
+
+module.exports = { sanitizeXss }
@@ -0,0 +1,33 @@
+const { sanitizeXss } = require('@condo/domains/common/utils/xss')
+
+const ALLOWED_STYLE_ATTR = 'style="text-align:center; background-color:red;"'
+const getValidHtmlTagsWithStyles = style => `<li ${style}><p ${style}><a ${style}>lorem</a> <span ${style}>ipsum</span></p>`
+
+describe('xss', () => {
+    it('allow text-align and background-color style attribute values to p, span, li, a, tags', () => {
+        const html = getValidHtmlTagsWithStyles(ALLOWED_STYLE_ATTR)
+
+        expect(sanitizeXss(html)).toEqual(html)
+    })
+
+    it('not allow other style attribute values to p, span, li, a, tags', () => {
+        const html = getValidHtmlTagsWithStyles('style="width: expression(alert(\'XSS\'));"')
+        const expectedResult = '<li style><p style><a style>lorem</a> <span style>ipsum</span></p>'
+
+        expect(sanitizeXss(html)).toEqual(expectedResult)
+    })
+
+    it('not allow style attribute to other tags', () => {
+        const html = '<div style="background-image: url(javascript:alert(\'XSS\'))">123</div>'
+        const expectedResult = '<div>123</div>'
+
+        expect(sanitizeXss(html)).toEqual(expectedResult)
+    })
+
+    it('escape script tag', () => {
+        const html = '<script> console.log(\'123\') </script>'
+        const expectedResult = '&lt;script&gt; console.log(\'123\') &lt;/script&gt;'
+
+        expect(sanitizeXss(html)).toEqual(expectedResult)
+    })
+})
@@ -91,11 +91,12 @@ export const UnitInfo: IUnitInfo = (props) => {
     }, [form, setSelectedUnitName, setSelectedUnitType, updateSectionAndFloor])
 
     const colSpan = isSmall ? 24 : 20
+    const inputColSpan = isSmall ? 8 : 5
 
     return (
         <Col span={colSpan}>
             <Row gutter={UNIT_FIELDS_GUTTER}>
-                <Col span={5} data-cy={'unit-name-input-item'}>
+                <Col span={inputColSpan} data-cy={'unit-name-input-item'}>
                     <TicketFormItem name={'unitName'} label={FlatNumberLabel}>
                         <UnitNameInput
                             property={property}
@@ -105,12 +106,12 @@ export const UnitInfo: IUnitInfo = (props) => {
                         />
                     </TicketFormItem>
                 </Col>
-                <Col span={5}>
+                <Col span={inputColSpan}>
                     <TicketFormItem name={'sectionName'} label={SectionNameLabel}>
                         <Input disabled/>
                     </TicketFormItem>
                 </Col>
-                <Col span={5}>
+                <Col span={inputColSpan}>
                     <TicketFormItem name={'floorName'} label={FloorNameLabel}>
                         <Input disabled/>
                     </TicketFormItem>
 
@@ -6,11 +6,12 @@ const get = require('lodash/get')
 const isEmpty = require('lodash/isEmpty')
 const Ajv = require('ajv')
 const dayjs = require('dayjs')
-const { Text, Select, Virtual, Integer, CalendarDay, Decimal } = require('@keystonejs/fields')
 
+const { Text, Select, Virtual, Integer, CalendarDay, Decimal } = require('@keystonejs/fields')
 const { Json } = require('@core/keystone/fields')
 const { GQLListSchema } = require('@core/keystone/schema')
 const { historical, versioned, uuided, tracked, softDeleted } = require('@core/keystone/plugins')
+const { Checkbox } = require('@keystonejs/fields')
 
 const { compareStrI } = require('@condo/domains/common/utils/string.utils')
 const { SENDER_FIELD, DV_FIELD, ADDRESS_META_FIELD } = require('@condo/domains/common/schema/fields')
@@ -22,21 +23,17 @@ const {
     JSON_EXPECT_OBJECT_ERROR,
     UNIQUE_ALREADY_EXISTS_ERROR,
 } = require('@condo/domains/common/constants/errors')
-
 const { ORGANIZATION_OWNED_FIELD } = require('@condo/domains/organization/schema/fields')
-
+const { PROPERTY_MAP_JSON_FIELDS } = require('@condo/domains/property/gql')
 const access = require('@condo/domains/property/access/Property')
 const MapSchemaJSON = require('@condo/domains/property/components/panels/Builder/MapJsonSchema.json')
-const { Checkbox } = require('@keystonejs/fields')
-
 const { manageResidentToPropertyAndOrganizationConnections } = require('@condo/domains/resident/tasks')
 const { manageTicketPropertyAddressChange } = require('@condo/domains/ticket/tasks')
 
-
 const { PROPERTY_MAP_GRAPHQL_TYPES, GET_TICKET_INWORK_COUNT_BY_PROPERTY_ID_QUERY, GET_TICKET_CLOSED_COUNT_BY_PROPERTY_ID_QUERY } = require('../gql')
 const { Property: PropertyAPI } = require('../utils/serverSchema')
 const { normalizePropertyMap } = require('../utils/serverSchema/helpers')
-const { PROPERTY_MAP_JSON_FIELDS } = require('@condo/domains/property/gql')
+const { softDeleteTicketHintPropertiesByProperty } = require('../../ticket/utils/serverSchema/resolveHelpers')
 
 const ajv = new Ajv()
 const jsonMapValidator = ajv.compile(MapSchemaJSON)
@@ -327,7 +324,7 @@ const Property = new GQLListSchema('Property', {
             }
             return resolvedData
         },
-        afterChange: async ({ operation, existingItem, updatedItem }) => {
+        afterChange: async ({ context, operation, existingItem, updatedItem }) => {
             const isSoftDeleteOperation = operation === 'update' && !existingItem.deletedAt && Boolean(updatedItem.deletedAt)
             const isCreatedProperty = operation === 'create' && Boolean(updatedItem.address)
             const isRestoredProperty = operation === 'update' && Boolean(existingItem.deletedAt) && !updatedItem.deletedAt
@@ -347,6 +344,10 @@ const Property = new GQLListSchema('Property', {
 
                 // Reconnect residents (if any) to oldest non-deleted property with address = affectedAddress
                 await manageResidentToPropertyAndOrganizationConnections.delay(affectedAddress)
+
+                if (isSoftDeleteOperation) {
+                    await softDeleteTicketHintPropertiesByProperty(context, updatedItem)
+                }
             }
         },
     },
 
@@ -235,7 +235,7 @@ export const BaseTicketForm: React.FC<ITicketFormProps> = (props) => {
     const NoPropertiesMessage = intl.formatMessage({ id: 'pages.condo.ticket.alert.NoProperties' })
     const CanReadByResidentMessage = intl.formatMessage({ id: 'pages.condo.ticket.field.CanReadByResident' })
 
-    const { isSmall } = useLayoutContext()
+    const { isSmall, breakpoints } = useLayoutContext()
 
     const router = useRouter()
 
@@ -395,6 +395,8 @@ export const BaseTicketForm: React.FC<ITicketFormProps> = (props) => {
         setSelectedPropertyId(null)
     }, [])
 
+    const propertyInfoColSpan = isSmall ? 24 : 17
+
     return (
         <>
             <FormWithAction
@@ -420,7 +422,7 @@ export const BaseTicketForm: React.FC<ITicketFormProps> = (props) => {
                             <Row gutter={BIG_VERTICAL_GUTTER}>
                                 <Col span={24}>
                                     <Row gutter={BIG_HORIZONTAL_GUTTER} justify={'space-between'}>
-                                        <Col span={17}>
+                                        <Col span={propertyInfoColSpan}>
                                             <Row gutter={BIG_VERTICAL_GUTTER}>
                                                 <Col span={24}>
                                                     <Row gutter={SMALL_VERTICAL_GUTTER}>
@@ -453,8 +455,8 @@ export const BaseTicketForm: React.FC<ITicketFormProps> = (props) => {
                                                     </Row>
                                                 </Col>
                                                 {
-                                                    isSmall && (
-                                                        <Col span={12}>
+                                                    selectedPropertyId && !breakpoints.xl && (
+                                                        <Col span={24}>
                                                             <TicketPropertyHintCard
                                                                 propertyId={selectedPropertyId}
                                                                 hintContentStyle={TICKET_PROPERTY_HINT_STYLES}
@@ -471,7 +473,7 @@ export const BaseTicketForm: React.FC<ITicketFormProps> = (props) => {
                                             </Row>
                                         </Col>
                                         {
-                                            !isSmall && (
+                                            selectedPropertyId && breakpoints.xl && (
                                                 <Col span={6}>
                                                     <TicketPropertyHintCard
                                                         propertyId={selectedPropertyId}
 
@@ -2,6 +2,8 @@ import { Alert, Col, Form, Input, Row, Typography } from 'antd'
 import { Gutter } from 'antd/es/grid/row'
 import { get, isEmpty } from 'lodash'
 import getConfig from 'next/config'
+import { useRouter } from 'next/router'
+import qs from 'qs'
 import { Rule } from 'rc-field-form/lib/interface'
 import React, { CSSProperties, useCallback, useMemo, useState } from 'react'
 import { Editor } from '@tinymce/tinymce-react'
@@ -35,22 +37,36 @@ const LAYOUT = {
 const HINT_LINK_STYLES: CSSProperties = { color: colors.black, textDecoration: 'underline' }
 const TEXT_STYLES: CSSProperties = { margin: 0 }
 
-const TicketPropertyHintAlert = () => {
+type TicketPropertyHintAlertProps = {
+    hintFilters?: string
+}
+
+const TicketPropertyHintAlert: React.FC<TicketPropertyHintAlertProps> = ({ hintFilters }) => {
     const intl = useIntl()
     const AlertMessage = intl.formatMessage({ id: 'pages.condo.settings.hint.alert.title' })
     const AlertContent = intl.formatMessage({ id: 'pages.condo.settings.hint.alert.content' })
     const ShowHintsMessage = intl.formatMessage({ id: 'pages.condo.settings.hint.alert.showHints' })
 
+    const router = useRouter()
+    const queryFilters = useMemo(() => hintFilters ? { filters: hintFilters } : {}, [hintFilters])
+    const query = useMemo(() => qs.stringify(
+        {
+            tab: 'hint',
+            ...queryFilters,
+        },
+        { arrayFormat: 'comma', skipNulls: true, addQueryPrefix: true },
+    ), [queryFilters])
+    const linkHref = useMemo(() => '/settings' + query, [query])
+    const showHintsMessageHandler = useCallback(() => router.push(linkHref), [linkHref, router])
+
     const AlertDescription = useMemo(() => (
         <>
             <Typography.Paragraph style={TEXT_STYLES}>{AlertContent}</Typography.Paragraph>
-            <a href={'/settings?tab=hint'} target={'_blank'} rel="noreferrer">
-                <Typography.Link style={HINT_LINK_STYLES}>
-                    {ShowHintsMessage}
-                </Typography.Link>
-            </a>
+            <Typography.Link style={HINT_LINK_STYLES} onClick={showHintsMessageHandler}>
+                {ShowHintsMessage}
+            </Typography.Link>
         </>
-    ), [AlertContent, ShowHintsMessage])
+    ), [AlertContent, ShowHintsMessage, showHintsMessageHandler])
 
     return (
         <Alert
@@ -82,17 +98,29 @@ const {
 
 const { TinyMceApiKey } = publicRuntimeConfig
 
-export const BaseTicketPropertyHintForm = ({ children, action, organizationId, initialValues, mode }) => {
+type BaseTicketPropertyHintFormProps = {
+    children
+    action
+    organizationId: string
+    initialValues
+    mode: string
+    hintFilters?: string
+}
+
+export const BaseTicketPropertyHintForm: React.FC<BaseTicketPropertyHintFormProps> = ({ hintFilters, children, action, organizationId, initialValues, mode }) => {
     const intl = useIntl()
     const NameMessage  = intl.formatMessage({ id: 'pages.condo.property.section.form.name' })
     const HintMessage = intl.formatMessage({ id: 'Hint' })
     const BuildingsMessage = intl.formatMessage({ id: 'pages.condo.property.index.TableField.Buildings' })
 
-    const editor_init_values = useMemo(() => ({
+    const router = useRouter()
+
+    const editorInitValues = useMemo(() => ({
         link_title: false,
         contextmenu: '',
         menubar: false,
         elementpath: false,
+        content_style: 'p {margin: 0}',
         plugins: 'link autolink lists',
         toolbar: 'undo redo | ' +
             'link | bold italic backcolor | alignleft aligncenter ' +
@@ -181,6 +209,8 @@ export const BaseTicketPropertyHintForm = ({ children, action, organizationId, i
                 }
             }
         }
+
+        await router.push('/settings?tab=hint')
     }, [action, createTicketPropertyHintPropertyAction, initialPropertyIds, initialValues, organizationId, organizationTicketPropertyHintProperties, softDeleteTicketPropertyHintPropertyAction])
 
     if (organizationTicketPropertyHintPropertiesLoading) {
@@ -194,7 +224,7 @@ export const BaseTicketPropertyHintForm = ({ children, action, organizationId, i
             {
                 mode === 'create' && !isEmpty(propertiesWithTicketPropertyHint) && (
                     <Col span={24}>
-                        <TicketPropertyHintAlert />
+                        <TicketPropertyHintAlert hintFilters={hintFilters} />
                     </Col>
                 )
             }
@@ -262,7 +292,7 @@ export const BaseTicketPropertyHintForm = ({ children, action, organizationId, i
                                             value={editorValue}
                                             onEditorChange={(newValue) => handleEditorChange(newValue, form)}
                                             initialValue={initialContent}
-                                            init={editor_init_values}
+                                            init={editorInitValues}
                                         />
                                     </Col>
                                 </Row>
 
@@ -1,5 +1,4 @@
 import { get } from 'lodash'
-import { useRouter } from 'next/router'
 import React, { useMemo } from 'react'
 
 import { useOrganization } from '@core/next/organization'
@@ -17,11 +16,7 @@ export const CreateTicketPropertyHintForm = () => {
     const SaveLabel = intl.formatMessage({ id: 'Save' })
 
     const { organization } = useOrganization()
-
-    const router = useRouter()
-    const action = TicketPropertyHint.useCreate({ organization: organization.id }, () => {
-        router.push('/settings?tab=hint')
-    })
+    const action = TicketPropertyHint.useCreate({ organization: organization.id }, () => Promise.resolve())
 
     const organizationId = useMemo(() => get(organization, 'id'), [organization])