mirror of https://github.com/laurent22/joplin.git synced 2025-07-16 00:14:34 +02:00

Merge pull request from GHSA-m59c-9rrj-c399

* Sanitize HTML in processPastedHtml

* Add test
Henry Heino
2023-07-27 07:41:57 -07:00
committed by GitHub
parent b9659bb9c1
commit a0ec928fca
6 changed files with 48 additions and 4 deletions


@ -0,0 +1,20 @@
import { processPastedHtml } from './resourceHandling';
describe('resourceHandling', () => {
it('should sanitize pasted HTML', async () => {
const testCases = [
['Test: <style onload="evil()"></style>', 'Test: <style></style>'],
['<a href="javascript: alert()">test</a>', '<a href="#">test</a>'],
['<script >evil()</script>', ''],
['<script>evil()</script>', ''],
[
'<img onload="document.body.innerHTML = evil;" src="data:image/svg+xml;base64,=="/>',
'<img src="data:image/svg+xml;base64,=="/>',
],
];
for (const [html, expected] of testCases) {
expect(await processPastedHtml(html)).toBe(expected);
}
});
});
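Review bot: Every sanitisation vector runs inside the single `it` through the `for` loop at the end of the test, so the first failing `expect` stops the remaining cases and the report does not say which input regressed. For a regression test guarding a security advisory, I would report each vector separately with `it.each(testCases)('should sanitize %j', async (html, expected) => { expect(await processPastedHtml(html)).toBe(expected); });`. The listed inputs also use only lowercase tag and attribute names; adding an upper- or mixed-case variant of the existing `<script>` and `onload` cases would pin down that matching is case-insensitive. Finally, a case with harmless markup that must come back unchanged would guard against the sanitiser over-stripping pasted content.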