Archived
1
0

fixup! fix: escape error.message on login failure

This commit is contained in:
Joe Previte 2021-06-30 10:37:08 -07:00
parent 22a22a8f7a
commit 2092f82270
No known key found for this signature in database
GPG Key ID: 2C91590C6B742C24
3 changed files with 5 additions and 9 deletions

View File

@ -520,5 +520,5 @@ export function escapeHtml(unsafe: string): string {
.replace(/</g, "&lt;") .replace(/</g, "&lt;")
.replace(/>/g, "&gt;") .replace(/>/g, "&gt;")
.replace(/"/g, "&quot;") .replace(/"/g, "&quot;")
.replace(/'/g, "&#039;") .replace(/'/g, "&apos;")
} }

View File

@ -448,8 +448,8 @@ describe("onLine", () => {
describe("escapeHtml", () => { describe("escapeHtml", () => {
it("should escape HTML", () => { it("should escape HTML", () => {
expect(util.escapeHtml(`<div class="error">"Hello & world"</div>`)).toBe( expect(util.escapeHtml(`<div class="error">"'ello & world"</div>`)).toBe(
"&lt;div class=&quot;error&quot;&gt;&quot;Hello &amp; world&quot;&lt;/div&gt;", "&lt;div class=&quot;error&quot;&gt;&quot;&apos;ello &amp; world&quot;&lt;/div&gt;",
) )
}) })
}) })

View File

@ -60,18 +60,14 @@ describe("login", () => {
process.env.PASSWORD = previousEnvPassword process.env.PASSWORD = previousEnvPassword
}) })
it("should return escaped HTML with 'Missing password' message", async () => { it("should return HTML with 'Missing password' message", async () => {
const resp = await codeServer().fetch("/login", { method: "POST" }) const resp = await codeServer().fetch("/login", { method: "POST" })
expect(resp.status).toBe(200) expect(resp.status).toBe(200)
const htmlContent = await resp.text() const htmlContent = await resp.text()
expect(htmlContent).not.toContain(">") expect(htmlContent).toContain("Missing password")
expect(htmlContent).not.toContain("<")
expect(htmlContent).not.toContain('"')
expect(htmlContent).not.toContain("'")
expect(htmlContent).toContain("&lt;div class=&quot;error&quot;&gt;Missing password&lt;/div&gt;")
}) })
}) })
}) })