@lekhmanrus lekhmanrus commented Oct 14, 2025

Summary by CodeRabbit

  • Bug Fixes

    • Correctly renders the “Back to application” link with translation formatting on account and logout confirmation pages.
    • Ensures any HTML in translated link text is safely sanitized before display.
    • Improves consistency of link behavior when a return URL is available.
  • Refactor

    • Updated templates to use safe HTML rendering for translated link content, aligning both pages with a consistent approach.


coderabbitai bot commented Oct 14, 2025

Walkthrough

Introduces sanitized HTML rendering for “back to application” links in account and logout-confirm pages. Updates templates to use [innerHTML] with a sanitizer pipe and adjusts one href binding to a non-null assertion. Corresponding components import KcSanitizePipe to enable the template changes.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Account back link sanitization: src/account/pages/account/account.component.html, src/account/pages/account/account.component.ts | HTML now uses [innerHTML] bound to i18n.msgStr(...) piped through KcSanitizePipe and switches [href]="referrer?.url" to [href]="referrer!.url". Component adds KcSanitizePipe to imports. |
| Logout confirm back link sanitization: src/login/pages/logout-confirm/logout-confirm.component.html, src/login/pages/logout-confirm/logout-confirm.component.ts | HTML renders the back link label via [innerHTML] with KcSanitizePipe. Component metadata updated to include KcSanitizePipe in imports. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • garronej

Poem

A bunny blinks at links that gleam,
Now scrubbed and clean with sanitizer’s sheen.
Hop-hop, the back path’s sharp and bright,
HTML tidied, set just right.
With whisker-twitch and code delight,
We bound along—safe text in sight. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title clearly describes the main change of sanitizing the “back to application” HTML text, which aligns precisely with the template updates and pipe imports introduced in this pull request. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a61f9bb and bb3d165.

📒 Files selected for processing (4)
  • src/account/pages/account/account.component.html (1 hunks)
  • src/account/pages/account/account.component.ts (1 hunks)
  • src/login/pages/logout-confirm/logout-confirm.component.html (1 hunks)
  • src/login/pages/logout-confirm/logout-confirm.component.ts (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
src/account/pages/account/account.component.ts (2)
src/login/pages/login-username/login-username.component.ts (1)
  • Component (14-44)
src/login/pages/login/login.component.ts (1)
  • Component (15-46)
🔇 Additional comments (7)
src/account/pages/account/account.component.ts (2)

10-10: LGTM!

The KcSanitizePipe import follows the established pattern used in other login components (e.g., LoginComponent, LoginUsernameComponent as shown in the relevant code snippets).


15-15: LGTM!

The pipe is correctly added to the component's imports array, enabling sanitized HTML rendering in the template.

src/account/pages/account/account.component.html (2)

141-141: Non-null assertion is appropriate here.

The change from referrer?.url to referrer!.url is correct since the @if (referrer) conditional on line 139 already ensures that referrer exists at this point.


142-142: Verify that the i18n string contains HTML content.

Similar to the logout-confirm component, ensure that i18n.msgStr('backToApplication') actually returns HTML markup that requires sanitization. If it's plain text, the innerHTML binding adds unnecessary complexity.

This can be verified using the same script suggested for the logout-confirm component.

src/login/pages/logout-confirm/logout-confirm.component.ts (2)

2-2: LGTM!

The KcSanitizePipe import is correctly added to enable HTML sanitization in the template.


11-11: LGTM!

The pipe is correctly added to the component's imports array, making it available for use in the logout-confirm template.

src/login/pages/logout-confirm/logout-confirm.component.html (1)

45-49: Verify translation content type for ‘backToApplication’.

Confirm the i18n key returns HTML markup that requires innerHTML + kcSanitize. If it’s plain text, switch to interpolation ({{ i18n.msgStr('backToApplication') }}) or [textContent] to avoid unnecessary sanitization.



@luca-peruzzo luca-peruzzo merged commit 8628a21 into keycloakify:main Oct 15, 2025
6 checks passed
@luca-peruzzo

@lekhmanrus thank you!
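
The check the review asks for (does `backToApplication` carry markup that needs `[innerHTML]` with the sanitizer, or is it plain text that interpolation handles) can be run over a whole message catalogue. This is an added example, not code from this pull request or from CodeRabbit; `classifyMessage`, `auditCatalogue` and the sample catalogue values are constructed for illustration.

```typescript
// Added example: choose an Angular binding for each translation string.
// Names and catalogue values are constructed, not the project's messages.
type Binding = "interpolation" | "innerHTML+sanitize" | "reject";

interface Finding {
  key: string;
  binding: Binding;
  reason: string;
}

// Any element tag, e.g. <b> or </a>.
const TAG = /<\/?[a-zA-Z][^>]*>/;
// Named or numeric character reference, e.g. &laquo; or &#187;.
const ENTITY = /&(?:[a-zA-Z][a-zA-Z0-9]*|#\d+|#x[0-9a-fA-F]+);/;
// Constructs that have no place in a link label.
const ACTIVE = /<\s*(?:script|iframe|object|embed)\b|\son[a-z]+\s*=|javascript\s*:/i;

function classifyMessage(key: string, value: string): Finding {
  if (ACTIVE.test(value)) {
    return { key, binding: "reject", reason: "script-capable markup" };
  }
  if (TAG.test(value) || ENTITY.test(value)) {
    // {{ }} would print the tag or entity literally, so HTML rendering is needed.
    return { key, binding: "innerHTML+sanitize", reason: "markup or entity" };
  }
  return { key, binding: "interpolation", reason: "plain text" };
}

function auditCatalogue(messages: Record<string, string>): Finding[] {
  return Object.keys(messages)
    .sort()
    .map((key) => classifyMessage(key, messages[key] ?? ""));
}

// Constructed sample catalogue.
const sampleMessages: Record<string, string> = {
  backToApplication: "&laquo; Back to Application",
  doLogout: "Logout",
  termsText: "Read the <b>terms</b> first",
  tampered: '<span onclick="track()">Back</span>',
};

console.log(auditCatalogue(sampleMessages));
```

The classification only picks the binding; strings routed to `[innerHTML]` still go through the sanitizer pipe, and a `reject` result is a signal to fix the translation source.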
