mirror of
https://git.tuxpa.in/a/code-server.git
synced 2025-01-26 08:48:44 +00:00
fixup! fix: escape error.message on login failure
This commit is contained in:
parent
22a22a8f7a
commit
2092f82270
@ -520,5 +520,5 @@ export function escapeHtml(unsafe: string): string {
|
||||
.replace(/</g, "<")
|
||||
.replace(/>/g, ">")
|
||||
.replace(/"/g, """)
|
||||
.replace(/'/g, "'")
|
||||
.replace(/'/g, "'")
|
||||
}
|
||||
|
@ -448,8 +448,8 @@ describe("onLine", () => {
|
||||
|
||||
describe("escapeHtml", () => {
|
||||
it("should escape HTML", () => {
|
||||
expect(util.escapeHtml(`<div class="error">"Hello & world"</div>`)).toBe(
|
||||
"<div class="error">"Hello & world"</div>",
|
||||
expect(util.escapeHtml(`<div class="error">"'ello & world"</div>`)).toBe(
|
||||
"<div class="error">"'ello & world"</div>",
|
||||
)
|
||||
})
|
||||
})
|
||||
|
@ -60,18 +60,14 @@ describe("login", () => {
|
||||
process.env.PASSWORD = previousEnvPassword
|
||||
})
|
||||
|
||||
it("should return escaped HTML with 'Missing password' message", async () => {
|
||||
it("should return HTML with 'Missing password' message", async () => {
|
||||
const resp = await codeServer().fetch("/login", { method: "POST" })
|
||||
|
||||
expect(resp.status).toBe(200)
|
||||
|
||||
const htmlContent = await resp.text()
|
||||
|
||||
expect(htmlContent).not.toContain(">")
|
||||
expect(htmlContent).not.toContain("<")
|
||||
expect(htmlContent).not.toContain('"')
|
||||
expect(htmlContent).not.toContain("'")
|
||||
expect(htmlContent).toContain("<div class="error">Missing password</div>")
|
||||
expect(htmlContent).toContain("Missing password")
|
||||
})
|
||||
})
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user