🔒 Linkify refacto

src/src/app/shared/linkify.pipe.ts

@@ -5,13 +5,31 @@ import { DomSanitizer, SafeHtml } from "@angular/platform-browser";
 export class LinkifyPipe implements PipeTransform {
   constructor(private sanitizer: DomSanitizer) {}
 
+  private basicEscape(text: string): string {
+    return text.replace(
+      /[&<>"']/g,
+      (char) =>
+        ({
+          "&": "&amp;",
+          "<": "&lt;",
+          ">": "&gt;",
+          '"': "&quot;",
+          "'": "&#39;",
+        })[char]!,
+    );
+  }
+
   transform(text: string): SafeHtml {
     if (!text) return text;
 
     const urlRegex = /((https?:\/\/|www\.)[^\s]+)/g;
-    const html = text.replace(urlRegex, (url) => {
-      return `<a href="${url}" target="_blank">${url}</a>`;
+    const safeText = this.basicEscape(text);
+
+    const html = safeText.replace(urlRegex, (url) => {
+      const href = url.startsWith("http") ? url : `https://${url}`;
+      return `<a href="${href}" target="_blank">${url}</a>`;
     });
+
     return this.sanitizer.bypassSecurityTrustHtml(html);
   }
 }