feat: make HTML attribute sanitization stricter (#8977)

* feat: make HTML attribute sanitization stricter

* fix double escape
This commit is contained in:
David Luzar 2025-01-05 21:45:04 +01:00 committed by GitHub
parent c84babf574
commit b63689c230
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 32 additions and 12 deletions


@ -1,13 +1,19 @@
import * as utils from "../utils";
import { isTransparent, sanitizeHTMLAttribute } from "../utils";
describe("Test isTransparent", () => {
it("should return true when color is rgb transparent", () => {
expect(utils.isTransparent("#ff00")).toEqual(true);
expect(utils.isTransparent("#fff00000")).toEqual(true);
expect(utils.isTransparent("transparent")).toEqual(true);
expect(isTransparent("#ff00")).toEqual(true);
expect(isTransparent("#fff00000")).toEqual(true);
expect(isTransparent("transparent")).toEqual(true);
});
it("should return false when color is not transparent", () => {
expect(utils.isTransparent("#ced4da")).toEqual(false);
expect(isTransparent("#ced4da")).toEqual(false);
});
});
describe("sanitizeHTMLAttribute()", () => {
it("should escape HTML attribute special characters & not double escape", () => {
expect(sanitizeHTMLAttribute(`&"'><`)).toBe("&amp;&quot;&#39;&gt;&lt;");
});
});
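Review bot: The new `sanitizeHTMLAttribute()` case at the bottom of the hunk is titled "& not double escape", but its only input, `&"'><`, contains no pre-existing entity, so the no-double-escape behavior named in the commit description is never actually asserted by this test. Add an already-escaped input and a mixed one next to it, e.g. `expect(sanitizeHTMLAttribute("&amp;&quot;&#39;&gt;&lt;")).toBe("&amp;&quot;&#39;&gt;&lt;");` and `expect(sanitizeHTMLAttribute("&amp; & <")).toBe("&amp; &amp; &lt;");`, so a regression back to blanket `&` replacement (or to leaving bare `&` alone) is caught. Because entity recognition is what decides whether an attacker-controlled `&` gets escaped, it is also worth pinning the non-entity edge cases (`&foo`, `&;`, a trailing bare `&`, and the empty string) to whatever result the implementation intends. The implementation lives in `../utils`, outside this hunk, so I cannot confirm which forms it currently treats as entities.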