From 2092f82270b32522b67a4677d00b06f48cf46e09 Mon Sep 17 00:00:00 2001 From: Joe Previte Date: Wed, 30 Jun 2021 10:37:08 -0700 Subject: [PATCH] fixup! fix: escape error.message on login failure --- src/node/util.ts | 2 +- test/unit/node/util.test.ts | 4 ++-- test/unit/routes/login.test.ts | 8 ++------ 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/src/node/util.ts b/src/node/util.ts index 09e439de0..40ae9cef6 100644 --- a/src/node/util.ts +++ b/src/node/util.ts @@ -520,5 +520,5 @@ export function escapeHtml(unsafe: string): string { .replace(//g, ">") .replace(/"/g, """) - .replace(/'/g, "'") + .replace(/'/g, "'") } diff --git a/test/unit/node/util.test.ts b/test/unit/node/util.test.ts index d089908bd..d93cbd371 100644 --- a/test/unit/node/util.test.ts +++ b/test/unit/node/util.test.ts @@ -448,8 +448,8 @@ describe("onLine", () => { describe("escapeHtml", () => { it("should escape HTML", () => { - expect(util.escapeHtml(`
"Hello & world"
`)).toBe( - "<div class="error">"Hello & world"</div>", + expect(util.escapeHtml(`
"'ello & world"
`)).toBe( + "<div class="error">"'ello & world"</div>", ) }) }) diff --git a/test/unit/routes/login.test.ts b/test/unit/routes/login.test.ts index 9d68799b2..c6e131bdc 100644 --- a/test/unit/routes/login.test.ts +++ b/test/unit/routes/login.test.ts @@ -60,18 +60,14 @@ describe("login", () => { process.env.PASSWORD = previousEnvPassword }) - it("should return escaped HTML with 'Missing password' message", async () => { + it("should return HTML with 'Missing password' message", async () => { const resp = await codeServer().fetch("/login", { method: "POST" }) expect(resp.status).toBe(200) const htmlContent = await resp.text() - expect(htmlContent).not.toContain(">") - expect(htmlContent).not.toContain("<") - expect(htmlContent).not.toContain('"') - expect(htmlContent).not.toContain("'") - expect(htmlContent).toContain("<div class="error">Missing password</div>") + expect(htmlContent).toContain("Missing password") }) }) })