author | zeripath <art27@cantab.net> | 2021-04-05 22:38:31 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-05 17:38:31 -0400 |
commit | 04196b7658d70a1dee22a25aeb26e3d1587c316f (patch) | |
tree | 9095331975714251797154d069ca01ead6f60999 /modules/markup/sanitizer_test.go | |
parent | e10d028b039af5d63ef29f4c33fb04029da3d5a8 (diff) | |
Update to bluemonday-1.0.6 (#15294)
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules/markup/sanitizer_test.go')
-rw-r--r-- | modules/markup/sanitizer_test.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/markup/sanitizer_test.go b/modules/markup/sanitizer_test.go
index 63b70166d8..9e173015d6 100644
--- a/modules/markup/sanitizer_test.go
+++ b/modules/markup/sanitizer_test.go
@@ -6,6 +6,8 @@
 package markup

 import (
+ "html/template"
+ "strings"
 "testing"

 "github.com/stretchr/testify/assert"
@@ -50,3 +52,13 @@ func Test_Sanitizer(t *testing.T) {
 assert.Equal(t, testCases[i+1], string(SanitizeBytes([]byte(testCases[i]))))
 }
 }
+
+func TestSanitizeNonEscape(t *testing.T) {
+ descStr := "<scrİpt><script>alert(document.domain)</script></scrİpt>"
+
+ output := template.HTML(Sanitize(string(descStr)))
+ if strings.Contains(string(output), "<script>") {
+ t.Errorf("un-escaped <script> in output: %q", output)
+ }
+
+} |
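Review bot: The check in TestSanitizeNonEscape only looks for the exact lower-case substring `<script>`, so a regression that lets the tag through with attributes, trailing whitespace or different case (for example `<script src=…>` or `<SCRIPT>`) would still pass this test. Matching the tag opener case-insensitively is a tighter guard, e.g. `if strings.Contains(strings.ToLower(string(output)), "<script") {`; pinning the exact sanitized string with `assert.Equal`, as Test_Sanitizer does for its table, would be stricter still and would also allow the same input to be run through `SanitizeBytes`. The `string(descStr)` conversion is a no-op on a value that is already a string, and the round trip through `template.HTML` and back to `string` adds nothing to the assertion. A short comment such as `// İ (U+0130) in the outer tag name must not let the nested <script> reach the output unescaped` would record why this input was chosen; that reading is inferred from the test name and error message, so confirm it against the upstream fix.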