Rename Str2html to SanitizeHTML and clarify its behavior (#29516)

Str2html was abused a lot. So use a proper name for it: SanitizeHTML

And add some tests to show its behavior.
wxiaoguang 2024-03-01 18:16:19 +08:00 committed by GitHub
parent cb52b17f92
commit fb42972c05
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 48 additions and 43 deletions


@ -61,3 +61,8 @@ func TestJSEscapeSafe(t *testing.T) {
func TestHTMLFormat(t *testing.T) {
assert.Equal(t, template.HTML("<a>&lt; < 1</a>"), HTMLFormat("<a>%s %s %d</a>", "<", template.HTML("<"), 1))
}
func TestSanitizeHTML(t *testing.T) {
assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`))
assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(template.HTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`)))
}
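Review bot: The two assertions in TestSanitizeHTML pin a non-obvious property without saying so: the second one passes an already-typed template.HTML and expects the same sanitized result, i.e. SanitizeHTML does not treat the "safe" type as trusted. A one-line comment above that assertion would make the intent survive future edits, e.g. `// template.HTML input is not trusted: it is re-sanitized exactly like a plain string`. The first assertion likewise documents that an anchor with a javascript: href is dropped while its text is kept, and that the style attribute is stripped; naming those expectations in a comment would help whoever next touches the sanitizer policy. Which input types SanitizeHTML accepts beyond string and template.HTML cannot be seen from this hunk.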