Diffstat (limited to 'modules/markup/sanitizer_default_test.go')
-rw-r--r-- | modules/markup/sanitizer_default_test.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/markup/sanitizer_default_test.go b/modules/markup/sanitizer_default_test.go
index e6fbae5056..e5ba018e1b 100644
--- a/modules/markup/sanitizer_default_test.go
+++ b/modules/markup/sanitizer_default_test.go
@@ -62,9 +62,13 @@ func TestSanitizer(t *testing.T) {
 `<a href="javascript:alert('xss')">bad</a>`, `bad`,
 `<a href="vbscript:no">bad</a>`, `bad`,
 `<a href="data:1234">bad</a>`, `bad`,
+
+ // Some classes and attributes are used by the frontend framework and will execute JS code, so make sure they are removed
+ `<div class="link-action" data-attr-class="foo" data-url="xxx">txt</div>`, `<div data-attr-class="foo">txt</div>`,
+ `<div class="form-fetch-action" data-markdown-generated-content="bar" data-global-init="a" data-global-click="b">txt</div>`, `<div data-markdown-generated-content="bar">txt</div>`,
 }
 
 for i := 0; i < len(testCases); i += 2 {
- assert.Equal(t, testCases[i+1], Sanitize(testCases[i]))
+ assert.Equal(t, testCases[i+1], string(Sanitize(testCases[i])))
 }
 } |
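Review bot: The two added cases only use `class` attributes whose entire value is the framework class, so they would still pass if the sanitizer compared the whole attribute string instead of each class token. Consider adding a pair where the class sits beside another one, for example an input of `<div class="foo link-action">txt</div>`, with the expected output taken from the sanitizer's class policy, which is not visible in this hunk. The comment above the cases could also say that `data-attr-class` and `data-markdown-generated-content` are expected to survive, since the expected strings pin that while the comment only mentions removal. TestSanitizer starts before the hunk, so the rest of the table is not visible here.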