diff options
| author | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-03-22 14:20:17 +0100 |
|---|---|---|
| committer | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-03-22 14:20:17 +0100 |
| commit | b9caf242287ffc917d41000a00d2c9b160ced9a6 (patch) | |
| tree | f1e593c26eab114248d90c5d1dd5a776b3bcd524 /cypress | |
| parent | 4121b841de5cdeb204c166f8f23f1621c00a9102 (diff) | |
| download | nextcloud-server-b9caf242287ffc917d41000a00d2c9b160ced9a6.tar.gz nextcloud-server-b9caf242287ffc917d41000a00d2c9b160ced9a6.zip | |
fix(files): Do not escape file names for filepicker buttons
The text is already escaped by Vue, so we should not escape or sanitize the filename.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Diffstat (limited to 'cypress')
| -rw-r--r-- | cypress/e2e/files/FilesUtils.ts | 2 | ||||
| -rw-r--r-- | cypress/e2e/files/files_copy-move.cy.ts | 38 |
2 files changed, 39 insertions, 1 deletions
diff --git a/cypress/e2e/files/FilesUtils.ts b/cypress/e2e/files/FilesUtils.ts index 798b9b5f60d..3ec3f93fd37 100644 --- a/cypress/e2e/files/FilesUtils.ts +++ b/cypress/e2e/files/FilesUtils.ts @@ -90,7 +90,7 @@ export const copyFile = (fileName: string, dirName: string) => { cy.contains('button', 'Copy').should('be.visible').click() } else { // select folder - cy.get(`[data-filename="${dirName}"]`).should('be.visible').click() + cy.get(`[data-filename="${CSS.escape(dirName)}"]`).should('be.visible').click() // click copy cy.contains('button', `Copy to ${dirName}`).should('be.visible').click() } diff --git a/cypress/e2e/files/files_copy-move.cy.ts b/cypress/e2e/files/files_copy-move.cy.ts index 823e8b9c38b..7fd5b613866 100644 --- a/cypress/e2e/files/files_copy-move.cy.ts +++ b/cypress/e2e/files/files_copy-move.cy.ts @@ -35,6 +35,7 @@ describe('Files: Move or copy files', { testIsolation: true }, () => { cy.deleteUser(currentUser) }) + it('Can copy a file to new folder', () => { // Prepare initial state cy.uploadContent(currentUser, new Blob(), 'text/plain', '/original.txt') @@ -136,4 +137,41 @@ describe('Files: Move or copy files', { testIsolation: true }, () => { getRowForFile('original.txt').should('be.visible') getRowForFile('original (copy 2).txt').should('be.visible') }) + + /** Test for https://github.com/nextcloud/server/issues/43329 */ + context.only('escaping file and folder names', () => { + it('Can handle files with special characters', () => { + cy.uploadContent(currentUser, new Blob(), 'text/plain', '/original.txt') + .mkdir(currentUser, '/can\'t say') + cy.login(currentUser) + cy.visit('/apps/files') + + copyFile('original.txt', 'can\'t say') + + navigateToFolder('can\'t say') + + cy.url().should('contain', 'dir=/can%27t%20say') + getRowForFile('original.txt').should('be.visible') + getRowForFile('can\'t say').should('not.exist') + }) + + /** + * If escape is set to false (required for test above) then "<a>foo" would result in "<a>foo</a>" if sanitizing is not disabled + * We should disable it as vue already escapes the text when using v-text + */ + it('does not incorrectly sanitize file names', () => { + cy.uploadContent(currentUser, new Blob(), 'text/plain', '/original.txt') + .mkdir(currentUser, '/<a href="#">foo') + cy.login(currentUser) + cy.visit('/apps/files') + + copyFile('original.txt', '<a href="#">foo') + + navigateToFolder('<a href="#">foo') + + cy.url().should('contain', 'dir=/%3Ca%20href%3D%22%23%22%3Efoo') + getRowForFile('original.txt').should('be.visible') + getRowForFile('<a href="#">foo').should('not.exist') + }) + }) }) |