deps: bump sanitize-html
parent
99559d8fda
commit
0b57f528bf
|
@ -32,7 +32,7 @@
|
||||||
"proxy-addr": "^2.0.6",
|
"proxy-addr": "^2.0.6",
|
||||||
"pug": "^3.0.2",
|
"pug": "^3.0.2",
|
||||||
"redis": "^3.0.2",
|
"redis": "^3.0.2",
|
||||||
"sanitize-html": "^1.14.1",
|
"sanitize-html": "^2.3.3",
|
||||||
"serve-static": "^1.14.1",
|
"serve-static": "^1.14.1",
|
||||||
"socket.io": "^2.0.3",
|
"socket.io": "^2.0.3",
|
||||||
"source-map-support": "^0.5.19",
|
"source-map-support": "^0.5.19",
|
||||||
|
|
|
@ -5,7 +5,13 @@ describe('XSS', () => {
|
||||||
describe('sanitizeHTML', () => {
|
describe('sanitizeHTML', () => {
|
||||||
it('behaves consistently w.r.t. special chars used in emotes', () => {
|
it('behaves consistently w.r.t. special chars used in emotes', () => {
|
||||||
const input = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
|
const input = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
|
||||||
const expected = '`^~=| _-,;:!?/."()[]{}@$*\\\\&#%+á\t';
|
const expected = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
|
||||||
|
assert.strictEqual(XSS.sanitizeHTML(input), expected);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('disallows iframes', () => {
|
||||||
|
const input = '<iframe src="https://example.com"></iframe>';
|
||||||
|
const expected = '';
|
||||||
assert.strictEqual(XSS.sanitizeHTML(input), expected);
|
assert.strictEqual(XSS.sanitizeHTML(input), expected);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
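Review bot: The added 'disallows iframes' case is the only assertion in this hunk that pins what the sanitizer removes, yet the commit moves sanitize-html across a major version (`^1.14.1` to `^2.3.3`), where default allowlists and escaping can change. The rewritten `expected` string in the emote test suggests output already changed for backslashes, so other defaults may have shifted as well. I would add sibling cases asserting that script elements, inline event-handler attributes and non-http(s) link schemes are still stripped, and that the markup the application intends to allow still passes through unchanged. A short comment above the changed `expected` line, for example `// sanitize-html 2.x returns a single backslash unchanged`, would explain why the expectation moved. XSS.sanitizeHTML itself is not shown in this commit, so its options should be checked against the 2.x defaults rather than assumed from these two tests.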