mirror of
https://github.com/ArchiveBox/ArchiveBox.git
synced 2025-05-14 23:24:30 -04:00
fix: htmlencode titles before rendering the static html index and detail
parent
175e6fa3d0
commit
f845224d6f
3 changed files with 715 additions and 2 deletions
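--- a/tests/test_title.py
+++ b/tests/test_title.py
@@ -0,0 +1,14 @@
+from .fixtures import *
+
+def test_title_is_htmlencoded_in_index_html(tmp_path, process):
+"""
+https://github.com/pirate/ArchiveBox/issues/330
+Unencoded content should not be rendered as it facilitates xss injections
+and breaks the layout.
+"""
+add_process = subprocess.run(['archivebox', 'add', 'http://localhost:8080/static/title_with_html.com.html'], capture_output=True)
+
+with open(tmp_path / "index.html", "r") as f:
+output_html = f.read()
+
+assert "<textarea>" not in output_html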
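Review bot: The single assertion `assert "<textarea>" not in output_html` also passes when `archivebox add` fails or the title never reaches index.html, because the result stored in `add_process` is never inspected, so this regression test can go green without the encoding fix running at all. I would add `assert add_process.returncode == 0` right after the `subprocess.run(...)` call and pair the negative check with a positive one such as `assert "&lt;textarea&gt;" in output_html`. The positive check assumes the fixture page's title contains a literal `<textarea>` tag, which this hunk does not show. The commit title also mentions the detail page, but this test reads only `index.html`, so the per-snapshot detail output appears to be uncovered here. As a style point, `subprocess` is only in scope through `from .fixtures import *`; an explicit `import subprocess` would make the dependency visible.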