Skip to content

Commit

Permalink
Add tests
Browse files Browse the repository at this point in the history
Update changelog
  • Loading branch information
dliebner committed Feb 1, 2023
1 parent e8a0f80 commit f9b6fa5
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 0 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
# Changelog

## UNRELEASED (2023-01-31)

- Fix auto-adding escaped closing tags. In other words, do not add implied closing tags to disallowed tags when `disallowedTagMode` is set to any variant of `escape` -- just escape the disallowed tags that are present. This fixes [issue #464](https://github.com/apostrophecms/sanitize-html/issues/464). Thanks to [Daniel Liebner](https://github.com/dliebner)
- Add `tagAllowed()` helper function which takes a tag name and checks it against `options.allowedTags` and returns `true` if the tag is allowed and `false` if it is not.

## 2.9.0 (2023-01-27)

- Add option parseStyleAttributes to skip style parsing. This fixes [issue #547](https://github.com/apostrophecms/sanitize-html/issues/547). Thanks to [Bert Verhelst](https://github.com/bertyhell).
Expand Down
13 changes: 13 additions & 0 deletions test/test.js
Original file line number Diff line number Diff line change
Expand Up @@ -1561,4 +1561,17 @@ describe('sanitizeHtml', function() {
}), '<script src="//example.com/script.js"></script>'
);
});
it('should not automatically attach close tag for escaped tags', function() {
assert.equal(sanitizeHtml('<test>Hello', {
disallowedTagsMode: 'escape',
}), '&lt;test&gt;Hello');
assert.equal(sanitizeHtml('<test><test><test><test><test>Hello', {
disallowedTagsMode: 'recursiveEscape',
}), '&lt;test&gt;&lt;test&gt;&lt;test&gt;&lt;test&gt;&lt;test&gt;Hello');
});
it('should discard unclosed disallowed tags', function() {
assert.equal(sanitizeHtml('<test>Hello', {
disallowedTagsMode: 'discard',
}), 'Hello');
});
});

0 comments on commit f9b6fa5

Please sign in to comment.