This commit is contained in:
Calvin Montgomery 2018-10-21 22:18:22 -07:00
parent 5b86fb3187
commit 801d3d9be1
3 changed files with 11 additions and 2 deletions

View file

@ -1,3 +1,12 @@
2018-10-21
==========
The `sanitize-html` dependency has made a change that results in `"` no longer
being replaced by `"` when not inside an HTML attribute value. This
potentially breaks any chat filters matching quotes as `"` (on my
particular instance, this seems to be quite rare). These filters will need to
be updated in order to continue matching quotes.
2018-08-27 2018-08-27
========== ==========

View file

@ -2,7 +2,7 @@
"author": "Calvin Montgomery", "author": "Calvin Montgomery",
"name": "CyTube", "name": "CyTube",
"description": "Online media synchronizer and chat", "description": "Online media synchronizer and chat",
"version": "3.58.4", "version": "3.59.0",
"repository": { "repository": {
"url": "http://github.com/calzoneman/sync" "url": "http://github.com/calzoneman/sync"
}, },

View file

@ -5,7 +5,7 @@ describe('XSS', () => {
describe('sanitizeHTML', () => { describe('sanitizeHTML', () => {
it('behaves consistently w.r.t. special chars used in emotes', () => { it('behaves consistently w.r.t. special chars used in emotes', () => {
const input = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t'; const input = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
const expected = '`^~=| _-,;:!?/."()[]{}@$*\\\\&#%+á\t'; const expected = '`^~=| _-,;:!?/."()[]{}@$*\\\\&#%+á\t';
assert.strictEqual(XSS.sanitizeHTML(input), expected); assert.strictEqual(XSS.sanitizeHTML(input), expected);
}); });
}); });