Merge pull request #496 from wazuh/3.9-xml-parser

Escape not allowed characters

SplunkAppForWazuh/appserver/static/js/directives/wz-xml-file-editor/wz-xml-file-editor.js

@@ -34,11 +34,33 @@ define([
         targetName: '=targetName'
       },
       controller($scope, $document, $notificationService, $groupHandler) {
+        String.prototype.xmlReplace = function (str, newstr) {
+          return this.split(str).join(newstr)
+        }
+
         let firstTime = true
+        const parser = new DOMParser();// eslint-disable-line
+
+        const replaceXML = text => {
+          const oDom = parser.parseFromString(text, 'text/html')
+          const lines = oDom.documentElement.textContent.split('\n')
+          for (const line of lines) {
+            const sanitized = line
+              .trim()
+              .replace(/&/g, '&')
+              .replace(/</g, '\&lt;')
+              .replace(/>/g, '\&gt;')
+              .replace(/"/g, '\&quot;')
+              .replace(/'/g, '\&apos;')
+            text = text.xmlReplace(line.trim(), sanitized)
+          }
+          return text
+        }
+
         const checkXmlParseError = () => {
           try {
-            const parser = new DOMParser() // eslint-disable-line
-            const xml = $scope.xmlCodeBox.getValue()
+            const text = $scope.xmlCodeBox.getValue()
+            const xml = replaceXML(text)
             const xmlDoc = parser.parseFromString(
               '<file>' + xml + '</file>',
               'text/xml'