
confirm does not filter displayed content to prevent XSS attacks #8532

Open

x412773090 opened this issue May 6, 2024 · 1 comment

Comments

@x412773090

Reproduction link

https://ng-zorro-antd-ivy-cjm9xv.stackblitz.io

Steps to reproduce

```ts
import { Component } from '@angular/core';
import { NzModalService } from 'ng-zorro-antd/modal';

@Component({
  selector: 'my-app',
  template: `
    <input nz-input [(ngModel)]="input">

    <button 
      (click)="openConfirm()"
      nz-button
      type="button">confirm</button>
  `,
})
export class AppComponent {
  input = 'delete [<a href="https://bing.com">link</a>] ?';

  constructor(private nzModalService: NzModalService) {}

  openConfirm(): void {
    this.nzModalService.confirm({
      nzTitle: this.input,
    });
  }
}
```

What is expected?

The link should not be clickable.

What is actually happening?

Clicking the link navigates to an external website.

Environment Info
ng-zorro-antd 17.4.0
Browser chrome
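The report above passes a user-controlled string straight into `nzTitle`, which is rendered as HTML, so markup in the string (here an anchor) survives into the dialog. The usual defence is to treat such input as text: escape it before it reaches any HTML-interpreting sink, and flag strings that were supposed to be plain text but carry tags. The following is an added example, not code from ng-zorro-antd or from the issue author; the helper names (`escapeHtml`, `containsMarkup`, `buildConfirmTitle`) and the `Confirm:` prefix are assumptions, and the sample input is the constructed value from the report.

```typescript
// Added example (not ng-zorro-antd code): escape user-controlled text before it
// reaches an option that renders strings as HTML, such as the nzTitle shown above.

// Mapping of the five characters that carry meaning in HTML text and attributes.
const HTML_ESCAPES: Record<string, string> = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Convert a plain-text value into a string that an HTML renderer will display
// verbatim instead of interpreting as markup.
function escapeHtml(text: string): string {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Defender-side check: does a value that is meant to be plain text contain a tag?
// Useful for logging or rejecting input at the boundary, independent of escaping.
function containsMarkup(text: string): boolean {
  return /<\/?[a-z][^>]*>/i.test(text);
}

// Constructed sample: the user-controlled value from the report.
const SAMPLE_INPUT = 'delete [<a href="https://bing.com">link</a>] ?';

// Assumed helper for the component: builds the title string that would be passed
// as nzTitle, with the untrusted part escaped so it is shown as text.
function buildConfirmTitle(userInput: string): string {
  return `Confirm: ${escapeHtml(userInput)}`;
}

// Stand-alone demonstration.
console.log(containsMarkup(SAMPLE_INPUT));        // true: the raw input carries a tag
console.log(buildConfirmTitle(SAMPLE_INPUT));     // the anchor is now inert text
console.log(containsMarkup(escapeHtml(SAMPLE_INPUT))); // false after escaping
```

In the component from the report, `nzTitle: buildConfirmTitle(this.input)` (or `nzTitle: escapeHtml(this.input)`) would show the text "delete [<a href=...>link</a>] ?" literally instead of a clickable link. Escaping belongs as close to the sink as possible; `containsMarkup` is a separate signal for detection and should not be relied on as the only control, since it accepts anything that does not look like a tag.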

zorro-bot bot commented May 6, 2024

Translation of this issue:

Confirm does not filter the displayed content to prevent XSS attacks

Reproduction link

[https://ng-zorro-antd-ivy-cjm9xv.stackblitz.io](https://ng-zorro-antd-ivy-cjm9xv.stackblitz.io)

Steps to reproduce

```ts
import { Component } from '@angular/core';
import { NzModalService } from 'ng-zorro-antd/modal';

@Component({
  selector: 'my-app',
  template: `
    <input nz-input [(ngModel)]="input">

    <button
      (click)="openConfirm()"
      nz-button
      type="button">confirm</button>
  `,
})
export class AppComponent {
  input = 'delete [<a href="https://bing.com">link</a>] ?';

  constructor(private nzModalService: NzModalService) {}

  openConfirm(): void {
    this.nzModalService.confirm({
      nzTitle: this.input,
    });
  }
}
```

What is expected?

The link cannot be clicked

What is actually happening?

Click the link to jump to the external website

| Environment | Info |
| --- | --- |
| ng-zorro-antd | 17.4.0 |
| Browser | Chrome |
