mirror_css/bootstrap
1
0
Fork 0
mirror of https://github.com/twbs/bootstrap.git synced 2025-08-11 16:14:04 +02:00
Code Issues Releases Wiki Activity

Change whitelist to allowlist (#31066)

Browse Source 
Co-authored-by: XhmikosR <xhmikosr@gmail.com>
Co-authored-by: Mark Otto <markd.otto@gmail.com>
This commit is contained in:
Patrick H. Lauke
2020-06-19 09:31:37 +01:00
committed by GitHub
parent 7acf586d3e
commit edbcc401c2
8 changed files with 34 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
js/tests/unit/util/sanitizer.spec.js
View File

@@ -1,11 +1,11 @@
import { DefaultWhitelist, sanitizeHtml } from '../../../src/util/sanitizer'
import { DefaultAllowlist, sanitizeHtml } from '../../../src/util/sanitizer'
describe('Sanitizer', () => {
describe('sanitizeHtml', () => {
it('should return the same on empty string', () => {
const empty = ''
const result = sanitizeHtml(empty, DefaultWhitelist, null)
const result = sanitizeHtml(empty, DefaultAllowlist, null)
expect(result).toEqual(empty)
})
@@ -18,7 +18,7 @@ describe('Sanitizer', () => {
'</div>'
].join('')
const result = sanitizeHtml(template, DefaultWhitelist, null)
const result = sanitizeHtml(template, DefaultAllowlist, null)
expect(result.indexOf('script') === -1).toEqual(true)
})
@@ -30,20 +30,20 @@ describe('Sanitizer', () => {
'</div>'
].join('')
const result = sanitizeHtml(template, DefaultWhitelist, null)
const result = sanitizeHtml(template, DefaultAllowlist, null)
expect(result.indexOf('aria-pressed') !== -1).toEqual(true)
expect(result.indexOf('class="test"') !== -1).toEqual(true)
})
it('should remove not whitelist tags', () => {
it('should remove tags not in allowlist', () => {
const template = [
'<div>',
' <script>alert(7)</script>',
'</div>'
].join('')
const result = sanitizeHtml(template, DefaultWhitelist, null)
const result = sanitizeHtml(template, DefaultAllowlist, null)
expect(result.indexOf('<script>') === -1).toEqual(true)
})
@@ -61,7 +61,7 @@ describe('Sanitizer', () => {
spyOn(DOMParser.prototype, 'parseFromString')
const result = sanitizeHtml(template, DefaultWhitelist, mySanitize)
const result = sanitizeHtml(template, DefaultAllowlist, mySanitize)
expect(result).toEqual(template)
expect(DOMParser.prototype.parseFromString).not.toHaveBeenCalled()