DataGrid: replace html data with string for security (#32492)

Author: anna-shakhova

apps/demos/Demos/DataGrid/FocusedRow/Angular/app/app.component.css

@@ -21,6 +21,7 @@
   font-size: 14px;
   margin-top: 0;
   margin-bottom: 0;
+  white-space: pre-line;
 }
 
 .progress {

apps/demos/Demos/DataGrid/FocusedRow/Angular/app/app.component.html

@@ -26,7 +26,7 @@
 <div class="task-info">
   <div class="info">
     <div id="taskSubject">{{ taskSubject }}</div>
-    <p id="taskDetails" [innerHtml]="taskDetailsHtml"></p>
+    <p id="taskDetails">{{ taskDetails }}</p>
   </div>
   <div class="progress">
     <span id="taskStatus">{{ taskStatus }}</span>

apps/demos/Demos/DataGrid/FocusedRow/Angular/app/app.component.ts

@@ -1,5 +1,4 @@
-import { bootstrapApplication,
-  DomSanitizer, SafeHtml } from '@angular/platform-browser';
+import { bootstrapApplication } from '@angular/platform-browser';
 import { Component, ViewChild, enableProdMode, provideZoneChangeDetection } from '@angular/core';
 
 import { DxNumberBoxComponent, DxNumberBoxModule, DxCheckBoxModule } from 'devextreme-angular';
@@ -37,7 +36,7 @@ export class AppComponent {
 
   taskSubject: string;
 
-  taskDetailsHtml: SafeHtml;
+  taskDetails: string;
 
   taskStatus: string;
 
@@ -72,7 +71,7 @@ export class AppComponent {
     },
   ];
 
-  constructor(private sanitizer: DomSanitizer, service: Service) {
+  constructor(service: Service) {
     this.dataSource = new DataSource({
       store: new ArrayStore({
         data: service.getTasks(),
@@ -103,7 +102,7 @@ export class AppComponent {
   onFocusedRowChanged(e: DxDataGridTypes.FocusedRowChangedEvent<Task, number>) {
     const data = e.row?.data;
     this.taskSubject = data?.Task_Subject ?? '';
-    this.taskDetailsHtml = this.sanitizer.bypassSecurityTrustHtml(data?.Task_Description ?? '');
+    this.taskDetails = data?.Task_Description ?? '';
     this.taskStatus = data?.Task_Status ?? '';
     this.taskProgress = data?.Task_Completion ? `${data?.Task_Completion}%` : '';
   }

apps/demos/Demos/DataGrid/FocusedRow/Angular/app/app.service.ts

@@ -102,7 +102,7 @@ const App = () => {
       <div className="task-info">
         <div className="info">
           <div id="taskSubject">{taskSubject}</div>
-          <p id="taskDetails" dangerouslySetInnerHTML={{ __html: taskDetails }}></p>
+          <p id="taskDetails">{taskDetails}</p>
         </div>
         <div className="progress">
           <span id="taskStatus">{taskStatus}</span>

apps/demos/Demos/DataGrid/FocusedRow/React/App.tsx

@@ -21,6 +21,7 @@
   font-size: 14px;
   margin-top: 0;
   margin-bottom: 0;
+  white-space: pre-line;
 }
 
 .progress {

apps/demos/Demos/DataGrid/FocusedRow/React/data.ts

@@ -97,10 +97,7 @@ const App = () => {
       <div className="task-info">
         <div className="info">
           <div id="taskSubject">{taskSubject}</div>
-          <p
-            id="taskDetails"
-            dangerouslySetInnerHTML={{ __html: taskDetails }}
-          ></p>
+          <p id="taskDetails">{taskDetails}</p>
         </div>
         <div className="progress">
           <span id="taskStatus">{taskStatus}</span>

apps/demos/Demos/DataGrid/FocusedRow/React/styles.css

@@ -21,6 +21,7 @@
   font-size: 14px;
   margin-top: 0;
   margin-bottom: 0;
+  white-space: pre-line;
 }
 
 .progress {