FIX: display tables in posts history diff (#6032)

2025-05-21 18:12:32 +08:00 · 2018-07-12 07:13:52 +03:00
parent 1ed4f0ee8a
commit f13a7226db
4 changed files with 92 additions and 18 deletions
--- a/test/javascripts/controllers/history-test.js.es6
+++ b/test/javascripts/controllers/history-test.js.es6
@ -22,10 +22,59 @@ QUnit.test("displayEdit", function(assert) {
  );

  HistoryController.set("model.current_revision", 2);
-
  assert.equal(
    HistoryController.get("displayEdit"),
    false,
    "it should only display the edit button on the latest revision"
  );
+
+  const html = `<div class="revision-content">
+  <p><img src="/uploads/default/original/1X/6b963ffc13cb0c053bbb90c92e99d4fe71b286ef.jpg" alt="" class="diff-del"><img/src=x onerror=alert(document.domain)>" width="276" height="183"></p>
+</div>
+<table background="javascript:alert(\"HACKEDXSS\")">
+  <thead>
+    <tr>
+      <th>Column</th>
+      <th style="text-align:left">Test</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td background="javascript:alert('HACKEDXSS')">Osama</td>
+      <td style="text-align:right">Testing</td>
+    </tr>
+  </tbody>
+</table>`;
+
+  const expectedOutput = `<div class="revision-content">
+  <p><img src="/uploads/default/original/1X/6b963ffc13cb0c053bbb90c92e99d4fe71b286ef.jpg" alt class="diff-del">" width="276" height="183"&gt;</p>
+</div>
+<table>
+  <thead>
+    <tr>
+      <th>Column</th>
+      <th style="text-align:left">Test</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Osama</td>
+      <td style="text-align:right">Testing</td>
+    </tr>
+  </tbody>
+</table>`;
+
+  HistoryController.setProperties({
+    viewMode: "side_by_side",
+    model: {
+      body_changes: {
+        side_by_side: html
+      }
+    }
+  });
+
+  HistoryController.bodyDiffChanged().then(() => {
+    const output = HistoryController.get("bodyDiff");
+    assert.equal(output, expectedOutput, "it keeps safe HTML");
+  });
 });