mirrors/bbob
2
0
Fork 0
mirror of https://github.com/tenrok/BBob.git synced 2026-05-15 11:59:37 +03:00
Code Activity

fix(plugin-helper): escape case insensitive javascript: attrs

Browse Source
This commit is contained in:
Nikolay Kostyurin
2020-07-08 19:34:12 +02:00
parent fe6a16b6d9
commit 5ceb2f0fa4
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/bbob-plugin-helper/src/index.js
+1 -1
View File
@@ -34,7 +34,7 @@ const escapeHTML = (value) => value
.replace(/"/g, '"')
.replace(/'/g, ''')
// eslint-disable-next-line no-script-url
.replace('javascript:', 'javascript%3A');
.replace(/(javascript):/gi, '$1%3A');
/**
* Acept name and value and return valid html5 attribute string
packages/bbob-plugin-helper/test/index.test.js
+6
View File
@@ -92,6 +92,12 @@ describe('@bbob/plugin-helper', () => {
href: `javascript:alert('hello')`,
})).toBe(` onclick="javascript%3Aalert('hello')" href="javascript%3Aalert('hello')"`)
});
test(`JAVASCRIPT:alert("hello")`, () => {
expect(attrsToString({
onclick: `JAVASCRIPT:alert('hello')`,
href: `JAVASCRIPT:alert('hello')`,
})).toBe(` onclick="JAVASCRIPT%3Aalert('hello')" href="JAVASCRIPT%3Aalert('hello')"`)
});
test(`<tag>`, () => {
expect(attrsToString({
onclick: `<tag>`,