mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-16 16:14:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add dom purify (#1609)

Browse source 
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This commit is contained in:
Tilman Vatteroth 2021-11-02 08:15:33 +01:00 committed by GitHub
parent 994d22eb35
commit 84ee1d9cd9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 103 additions and 81 deletions
Download patch file Download diff file Expand all files Collapse all files

32
cypress/integration/linkSchemes.spec.ts
View file

@ -20,30 +20,22 @@ describe('markdown formatted links to', () => {
it('note anchor references render as anchor link', () => {
cy.setCodemirrorContent('[anchor](#anchor)')
cy.getMarkdownBody()
.find('a')
.should('have.attr', 'href', 'http://127.0.0.1:3001/n/test#anchor')
cy.getMarkdownBody().find('a').should('have.attr', 'href', 'http://127.0.0.1:3001/n/test#anchor')
})
it('internal pages render as internal link', () => {
cy.setCodemirrorContent('[internal](other-note)')
cy.getMarkdownBody()
.find('a')
.should('have.attr', 'href', 'http://127.0.0.1:3001/n/other-note')
cy.getMarkdownBody().find('a').should('have.attr', 'href', 'http://127.0.0.1:3001/n/other-note')
})
it('data URIs do not render', () => {
cy.setCodemirrorContent('[data](data:text/plain,evil)')
cy.getMarkdownBody()
.find('a')
.should('not.exist')
cy.getMarkdownBody().find('a').should('not.exist')
})
it('javascript URIs do not render', () => {
cy.setCodemirrorContent('[js](javascript:alert("evil"))')
cy.getMarkdownBody()
.find('a')
.should('not.exist')
cy.getMarkdownBody().find('a').should('not.exist')
})
})
@ -63,29 +55,21 @@ describe('HTML anchor element links to', () => {
it('note anchor references render as anchor link', () => {
cy.setCodemirrorContent('<a href="#anchor">anchor</a>')
cy.getMarkdownBody()
.find('a')
.should('have.attr', 'href', 'http://127.0.0.1:3001/n/test#anchor')
cy.getMarkdownBody().find('a').should('have.attr', 'href', 'http://127.0.0.1:3001/n/test#anchor')
})
it('internal pages render as internal link', () => {
cy.setCodemirrorContent('<a href="other-note">internal</a>')
cy.getMarkdownBody()
.find('a')
.should('have.attr', 'href', 'http://127.0.0.1:3001/n/other-note')
cy.getMarkdownBody().find('a').should('have.attr', 'href', 'http://127.0.0.1:3001/n/other-note')
})
it('data URIs do not render', () => {
cy.setCodemirrorContent('<a href="data:text/plain,evil">data</a>')
cy.getMarkdownBody()
.find('a')
.should('not.exist')
cy.getMarkdownBody().find('a').should('not.have.attr', 'href')
})
it('javascript URIs do not render', () => {
cy.setCodemirrorContent('<a href="javascript:alert(\'evil\')">js</a>')
cy.getMarkdownBody()
.find('a')
.should('not.exist')
cy.getMarkdownBody().find('a').should('not.have.attr', 'href')
})
})