deps: bump sanitize-html

This commit is contained in:
Calvin Montgomery 2021-03-21 21:31:20 -07:00
parent 99559d8fda
commit 0b57f528bf
2 changed files with 8 additions and 2 deletions

View file

@ -32,7 +32,7 @@
"proxy-addr": "^2.0.6", "proxy-addr": "^2.0.6",
"pug": "^3.0.2", "pug": "^3.0.2",
"redis": "^3.0.2", "redis": "^3.0.2",
"sanitize-html": "^1.14.1", "sanitize-html": "^2.3.3",
"serve-static": "^1.14.1", "serve-static": "^1.14.1",
"socket.io": "^2.0.3", "socket.io": "^2.0.3",
"source-map-support": "^0.5.19", "source-map-support": "^0.5.19",

View file

@ -5,7 +5,13 @@ describe('XSS', () => {
describe('sanitizeHTML', () => { describe('sanitizeHTML', () => {
it('behaves consistently w.r.t. special chars used in emotes', () => { it('behaves consistently w.r.t. special chars used in emotes', () => {
const input = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t'; const input = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
const expected = '`^~=| _-,;:!?/."()[]{}@$*\\\\&#%+á\t'; const expected = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
assert.strictEqual(XSS.sanitizeHTML(input), expected);
});
it('disallows iframes', () => {
const input = '<iframe src="https://example.com"></iframe>';
const expected = '';
assert.strictEqual(XSS.sanitizeHTML(input), expected); assert.strictEqual(XSS.sanitizeHTML(input), expected);
}); });
}); });