From 86bcc2b1f73c8135bf575d89bbe1d3871560c7e9 Mon Sep 17 00:00:00 2001
From: Ivan Demidov
Date: Wed, 11 Nov 2020 18:02:18 +0300
Subject: [PATCH 1/3] test: escape html
---
 test/unit/render-util.test.js | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/test/unit/render-util.test.js b/test/unit/render-util.test.js
index 3a82a0f9d..033725bb1 100644
--- a/test/unit/render-util.test.js
+++ b/test/unit/render-util.test.js
@@ -1,4 +1,4 @@
-const { removeAtag } = require(`${SRC_PATH}/core/render/utils`);
+const { removeAtag, escapeHtml } = require(`${SRC_PATH}/core/render/utils`);
 // Suite
 // -----------------------------------------------------------------------------
@@ -12,4 +12,16 @@ describe('core/render/utils', () => {
 expect(result).toEqual('content');
 });
 });
+
+ // escapeHtml()
+ // ---------------------------------------------------------------------------
+ describe('escapeHtml()', () => {
+ test('escape html', () => {
+ const result = escapeHtml('content');
+
+ expect(result).toEqual(
+ '<a href="www.example.com">content</a>'
+ );
+ });
+ });
 });
From be3d0ac77e3e5e49565ac732e6d57c9f4fc843a5 Mon Sep 17 00:00:00 2001
From: Ivan Demidov
Date: Wed, 11 Nov 2020 18:03:01 +0300
Subject: [PATCH 2/3] perf: move escape html to utils
---
 src/core/render/utils.js | 17 +++++++++++++++++
 src/plugins/search/search.js | 14 +-------------
 2 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/src/core/render/utils.js b/src/core/render/utils.js
index bd892c653..f055d7c59 100644
--- a/src/core/render/utils.js
+++ b/src/core/render/utils.js
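Review bot: The `escapeHtml()` test added in the second hunk of test/unit/render-util.test.js checks a single input that contains neither `&` nor `'`, so two of the five characters matched by the helper's `/[&<>"']/g` (patch 2/3) are never exercised. A second assertion that does not depend on the exact entity spelling would close that gap, for example `expect(escapeHtml('&<>"\'')).not.toMatch(/[<>"']/);`. It is also worth pinning what a non-string argument produces, since the helper passes its argument through `String()`. The input and expected literals as shown on this page appear to have lost their markup in rendering, so the existing assertion itself cannot be checked from here.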
@@ -48,3 +48,20 @@ export function getAndRemoveConfig(str = '') {
 export function removeAtag(str = '') {
 return str.replace(/(<\/?a.*?>)/gi, '');
 }
+
+/**
+ * Escape html
+ * @param {String} string html string
+ * @returns {string} Return escaped html string
+ */
+export function escapeHtml(string) {
+ const entityMap = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": ''',
+ };
+
+ return String(string).replace(/[&<>"']/g, s => entityMap[s]);
+}
diff --git a/src/plugins/search/search.js b/src/plugins/search/search.js
index aba15d0b7..03f20fee3 100644
--- a/src/plugins/search/search.js
+++ b/src/plugins/search/search.js
@@ -1,5 +1,5 @@
 /* eslint-disable no-unused-vars */
-import { getAndRemoveConfig } from '../../core/render/utils';
+import { getAndRemoveConfig, escapeHtml } from '../../core/render/utils';
 let INDEXS = {};
@@ -20,18 +20,6 @@ function resolveIndexKey(namespace) {
 : LOCAL_STORAGE.INDEX_KEY;
 }
-function escapeHtml(string) {
- const entityMap = {
- '&': '&',
- '<': '<',
- '>': '>',
- '"': '"',
- "'": ''',
- };
-
- return String(string).replace(/[&<>"']/g, s => entityMap[s]);
-}
-
 function getAllPaths(router) {
 const paths = [];
From acbb19bbbf4731de4de1471c0e0c533a6f0bba42 Mon Sep 17 00:00:00 2001
From: Ivan Demidov
Date: Wed, 11 Nov 2020 18:03:29 +0300
Subject: [PATCH 3/3] fix: html in attribute not escaped
---
 src/core/render/tpl.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/core/render/tpl.js b/src/core/render/tpl.js
index 2bad3a311..206c11dcc 100644
--- a/src/core/render/tpl.js
+++ b/src/core/render/tpl.js
@@ -1,3 +1,5 @@
+import { escapeHtml } from './utils';
+
 /**
 * Render github corner
 * @param {Object} data URL for the View Source on Github link
@@ -91,7 +93,9 @@ export function tree(toc, tpl = '
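Review bot: The doc comment on `escapeHtml()` in src/core/render/utils.js does not say which output contexts the result is safe for, and now that the helper is exported from core that is the first thing a caller needs to know. Replacing the five characters in `/[&<>"']/g` is enough for element text and for quoted attribute values, but not for unquoted attributes, URL-valued attributes, or script and style content; I would add `* Safe for element text and quoted attribute values only; not for URLs, unquoted attributes, or script/style content.` to the comment. The `@param {String}` tag is also narrower than the code, because `String(string)` accepts anything and turns `undefined` into the text `undefined`; either document `{*}` or default the parameter as `removeAtag(str = '')` does just above. Since the commit is labelled perf, `entityMap` could be a module-level constant instead of being rebuilt on every call. The replacement values in the map are shown decoded on this page, so they cannot be verified here.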
    {inner}
') { let innerHTML = ''; toc.forEach(node => { - innerHTML += `
  • ${node.title}
  • `; + innerHTML += `
  • ${node.title}
  • `; if (node.children) { innerHTML += tree(node.children, tpl); }
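Review bot: `${node.title}` still appears un-escaped on the new side of the `tree()` hunk in src/core/render/tpl.js, apparently as the link text; the tags and attributes of the template literal did not survive on this page, so this is read from the remaining text, the commit subject and the added `escapeHtml` import. If the title is left raw there on purpose because it is already-rendered heading HTML, a comment should say so, e.g. `// node.title is rendered heading HTML: escaped for the attribute, inserted as-is as link text`. If a title can carry text that was not produced by the renderer, that second interpolation needs the same review as the attribute. The `forEach` callback and `tree()` itself close outside the hunk.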