github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-25 19:29:34 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Escape HTML in dashboard report tables

Browse Source
This commit is contained in:
David Taylor
2019-02-01 13:10:59 +00:00
parent 68173cd234
commit 5c9426be48
2 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
test/javascripts/models/report-test.js.es6
View File

@ -402,9 +402,9 @@ QUnit.test("computed labels", assert => {
time_read: 287362,
note: "This is a long note",
topic_id: 2,
topic_title: "Test topic",
topic_title: "Test topic <html>",
post_number: 3,
post_raw: "This is the beginning of",
post_raw: "This is the beginning of <html>",
filesize: 582641
}
];
@ -502,9 +502,9 @@ QUnit.test("computed labels", assert => {
const computedTopicLabel = topicLabel.compute(row);
assert.equal(
computedTopicLabel.formatedValue,
"<a href='/t/-/2'>Test topic</a>"
"<a href='/t/-/2'>Test topic &lt;html&gt;</a>"
);
assert.equal(computedTopicLabel.value, "Test topic");
assert.equal(computedTopicLabel.value, "Test topic <html>");
const postLabel = computedLabels[5];
assert.equal(postLabel.mainProperty, "post_raw");
@ -514,9 +514,9 @@ QUnit.test("computed labels", assert => {
const computedPostLabel = postLabel.compute(row);
assert.equal(
computedPostLabel.formatedValue,
"<a href='/t/-/2/3'>This is the beginning of</a>"
"<a href='/t/-/2/3'>This is the beginning of &lt;html&gt;</a>"
);
assert.equal(computedPostLabel.value, "This is the beginning of");
assert.equal(computedPostLabel.value, "This is the beginning of <html>");
const filesizeLabel = computedLabels[6];
assert.equal(filesizeLabel.mainProperty, "filesize");
@ -533,11 +533,11 @@ QUnit.test("computed labels", assert => {
const postLink = computedLabels[5].compute(row).formatedValue;
assert.equal(
postLink,
"<a href='/forum/t/-/2/3'>This is the beginning of</a>"
"<a href='/forum/t/-/2/3'>This is the beginning of &lt;html&gt;</a>"
);
const topicLink = computedLabels[4].compute(row).formatedValue;
assert.equal(topicLink, "<a href='/forum/t/-/2'>Test topic</a>");
assert.equal(topicLink, "<a href='/forum/t/-/2'>Test topic &lt;html&gt;</a>");
const userLink = computedLabels[0].compute(row).formatedValue;
assert.equal(