tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-12 13:37:20 +00:00
Code Releases Activity

Rename Str2html to SanitizeHTML and clarify its behavior (#29516)

Browse Source 
Str2html was abused a lot. So use a proper name for it: SanitizeHTML

And add some tests to show its behavior.
This commit is contained in:
wxiaoguang
2024-03-01 18:16:19 +08:00
committed by GitHub
parent cb52b17f92
commit fb42972c05
14 changed files with 48 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
modules/templates/helper_test.go
View File

@ -61,3 +61,8 @@ func TestJSEscapeSafe(t *testing.T) {
func TestHTMLFormat(t *testing.T) {
assert.Equal(t, template.HTML("<a>&lt; < 1</a>"), HTMLFormat("<a>%s %s %d</a>", "<", template.HTML("<"), 1))
}
func TestSanitizeHTML(t *testing.T) {
assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`))
assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(template.HTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`)))
}