Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

node tests: Add tests for escaped attributes in vdom.

This commit is contained in:
Steve Howell 2020-02-14 15:44:13 +00:00 committed by Tim Abbott
parent 4fbcbeeea7
commit d536e9f27b
1 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
frontend_tests/node_tests/vdom.js
View File

@ -22,7 +22,31 @@ run_test('basics', () => {
);
});
run_test('attributes', () => {
run_test('attribute escaping', () => {
// So far most of the time our attributes are
// hard-coded classes like "expanded_private_messages",
// but we need to be defensive about future code
// that might use data from possibly malicious users.
const opts = {
keyed_nodes: [],
attrs: [
['class', '">something evil<div class="'],
['title', 'apples & oranges'],
],
};
const ul = vdom.ul(opts);
const html = vdom.render_tag(ul);
assert.equal(
html,
'<ul class="&quot;&gt;something evil&lt;div class=&quot;" ' +
'title="apples &amp; oranges">\n\n</ul>'
);
});
run_test('attribute updates', () => {
const opts = {
keyed_nodes: [],
attrs: [