aboutsummaryrefslogtreecommitdiffstats
path: root/modules/markup/sanitizer_test.go
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-04-05 22:38:31 +0100
committerGitHub <noreply@github.com>2021-04-05 17:38:31 -0400
commit04196b7658d70a1dee22a25aeb26e3d1587c316f (patch)
tree9095331975714251797154d069ca01ead6f60999 /modules/markup/sanitizer_test.go
parente10d028b039af5d63ef29f4c33fb04029da3d5a8 (diff)
downloadgitea-04196b7658d70a1dee22a25aeb26e3d1587c316f.tar.gz
gitea-04196b7658d70a1dee22a25aeb26e3d1587c316f.zip
Update to bluemonday-1.0.6 (#15294)
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules/markup/sanitizer_test.go')
-rw-r--r--modules/markup/sanitizer_test.go12
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/markup/sanitizer_test.go b/modules/markup/sanitizer_test.go
index 63b70166d8..9e173015d6 100644
--- a/modules/markup/sanitizer_test.go
+++ b/modules/markup/sanitizer_test.go
@@ -6,6 +6,8 @@
package markup
import (
+ "html/template"
+ "strings"
"testing"
"github.com/stretchr/testify/assert"
@@ -50,3 +52,13 @@ func Test_Sanitizer(t *testing.T) {
assert.Equal(t, testCases[i+1], string(SanitizeBytes([]byte(testCases[i]))))
}
}
+
+func TestSanitizeNonEscape(t *testing.T) {
+ descStr := "<scrİpt>&lt;script&gt;alert(document.domain)&lt;/script&gt;</scrİpt>"
+
+ output := template.HTML(Sanitize(string(descStr)))
+ if strings.Contains(string(output), "<script>") {
+ t.Errorf("un-escaped <script> in output: %q", output)
+ }
+
+}