colin/Signal-Desktop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove escaping from linkText

Browse Source 
We leverage jQuery’s HTML escaping in `$.html(…)`.
This commit is contained in:
Daniel Gasienica
2018-04-10 14:57:09 -04:00
parent f04c65088b
commit 9d41b86162
4 changed files with 5 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ts/test-unit/html/index_test.ts
View File

@@ -20,7 +20,7 @@ describe('HTML', () => {
{
name: 'square brackets',
input: 'https://www.example.com/test.html?foo=bar&baz[qux]=quux',
output: 'https://www.example.com/test.html?foo=bar&baz[qux]=quux',
output: 'https://www.example.com/test.html?foo=bar&baz[qux]=quux',
},
{
name: 'Chinese characters',
@@ -41,7 +41,7 @@ describe('HTML', () => {
{
name: 'single quotes',
input: "https://www.example.com/this-couldn't-be-true",
output: "https://www.example.com/this-couldn#39;t-be-true",
output: "https://www.example.com/this-couldn't-be-true",
},
{
name: 'special characters before URL begins',
@@ -85,9 +85,9 @@ describe('HTML', () => {
assert.equal(actual, expected);
});
it('should escape HTML', () => {
it('should not escape HTML', () => {
const input: string = "Hello\n<script>alert('evil');</script>World!";
const expected: string = 'Hello<br>&lt;script&gt;alert(&#39;evil&#39;);&lt;/script&gt;World!';
const expected: string = "Hello<br><script>alert('evil');</script>World!";
const actual = HTML.render(input);
assert.equal(actual, expected);