feat: make HTML attribute sanitization stricter (#8977)
* feat: make HTML attribute sanitization stricter * fix double escape
This commit is contained in:
@@ -25,6 +25,7 @@ describe("normalizeLink", () => {
|
||||
expect(normalizeLink("file://")).toBe("file://");
|
||||
expect(normalizeLink("[test](https://test)")).toBe("[test](https://test)");
|
||||
expect(normalizeLink("[[test]]")).toBe("[[test]]");
|
||||
expect(normalizeLink("<test>")).toBe("<test>");
|
||||
expect(normalizeLink("<test>")).toBe("<test>");
|
||||
expect(normalizeLink("test&")).toBe("test&");
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,8 +1,5 @@
|
||||
import { sanitizeUrl } from "@braintree/sanitize-url";
|
||||
|
||||
export const sanitizeHTMLAttribute = (html: string) => {
|
||||
return html.replace(/"/g, """);
|
||||
};
|
||||
import { sanitizeHTMLAttribute } from "../utils";
|
||||
|
||||
export const normalizeLink = (link: string) => {
|
||||
link = link.trim();
|
||||
|
||||
Reference in New Issue
Block a user