Add tests for markdown content escaping (#4058)

Matthew Phillips 2022-07-26 17:31:57 -04:00 committed by GitHub
parent c57242d534
commit da5e6ca128
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 50 additions and 20 deletions


@ -82,7 +82,7 @@
"test:e2e:match": "playwright test -g"
},
"dependencies": {
"@astrojs/compiler": "^0.22.0",
"@astrojs/compiler": "^0.22.1",
"@astrojs/language-server": "^0.20.0",
"@astrojs/markdown-remark": "^0.13.0",
"@astrojs/prism": "0.6.1",


@ -0,0 +1,3 @@
# Lesser than: Cannot escape `<` using `&lt;`
&lt;i&gt;This should NOT be italic&lt;/i&gt;


@ -3,12 +3,17 @@ import * as cheerio from 'cheerio';
import { loadFixture } from './test-utils.js';
describe('Markdown tests', () => {
/** @type {import('./test-utils').Fixture} */
let fixture;
before(async () => {
fixture = await loadFixture({
root: './fixtures/markdown/',
});
});
describe('Build', () => {
before(async () => {
await fixture.build();
});
@ -27,4 +32,10 @@ describe('Markdown tests', () => {
expect($('pre')).to.have.lengthOf(7);
});
it('Does not unescape entities', async () => {
const html = await fixture.readFile('/entities/index.html');
expect(html).to.match(new RegExp("&#x3C;i>This should NOT be italic&#x3C;/i>"));
});
});
});
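Review bot: The new 'Does not unescape entities' test only checks that the escaped text is present in `/entities/index.html`; it never asserts that no real `<i>` element was emitted, which is the property the fixture heading describes. cheerio is already imported in this file, so a negative check can sit next to the match, e.g. `expect(cheerio.load(html)('i')).to.have.lengthOf(0);` (assuming the fixture's layout contributes no `<i>` of its own). The pattern uses no regex syntax, so `expect(html).to.include('&#x3C;i>This should NOT be italic&#x3C;/i>')` would say the same thing without `new RegExp`.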


@ -1,5 +1,9 @@
import { visit } from 'unist-util-visit';
export function escapeEntities(value: string): string {
return value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}
export default function rehypeEscape(): any {
return function (node: any): any {
return visit(node, 'element', (el) => {
@ -8,7 +12,7 @@ export default function rehypeEscape(): any {
// Visit all raw children and escape HTML tags to prevent Markdown code
// like "This is a `<script>` tag" from actually opening a script tag
visit(el, 'raw', (raw) => {
raw.value = raw.value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
raw.value = escapeEntities(raw.value);
});
}
return el;
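Review bot: `escapeEntities` is now exported but nothing documents the context it is safe for. It rewrites only `&`, `<` and `>` and leaves `"` and `'` untouched, so its output is suitable for HTML text content and not for attribute values. A TSDoc line above the function would keep later callers from reusing it there, e.g. `/** Escapes &, < and > for HTML text nodes; quotes are left as-is, so do not place the result inside an attribute value. */`. It is also worth a short comment that the `&` replacement has to stay first in the chain, otherwise the `&` of the generated `&lt;`/`&gt;` would be escaped a second time. The body of `rehypeEscape` starts and ends outside these hunks.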


@ -0,0 +1,12 @@
import { renderMarkdown } from '../dist/index.js';
import { expect } from 'chai';
describe('entities', () => {
const renderAstroMd = (text) => renderMarkdown(text, { isAstroFlavoredMd: false });
it('should not unescape entities', async () => {
const { code } = await renderAstroMd(`&lt;i&gt;This should NOT be italic&lt;/i&gt;`);
expect(code).to.equal(`<p>&#x3C;i>This should NOT be italic&#x3C;/i></p>`);
});
});
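Review bot: The helper `renderAstroMd` passes `isAstroFlavoredMd: false`, so its name says the opposite of what it renders and the entity behaviour is pinned for that mode only. Either rename it (for example `renderPlainMd`) or add a second case that calls `renderMarkdown(text, { isAstroFlavoredMd: true })`, so both code paths are covered by an escaping test. Whether the Astro-flavored path produces the same `&#x3C;` output is not visible on this page, so the expected string for that case needs to be confirmed rather than copied.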

8
pnpm-lock.yaml generated

@ -438,7 +438,7 @@ importers:
packages/astro:
specifiers:
'@astrojs/compiler': ^0.22.0
'@astrojs/compiler': ^0.22.1
'@astrojs/language-server': ^0.20.0
'@astrojs/markdown-remark': ^0.13.0
'@astrojs/prism': 0.6.1
@ -526,7 +526,7 @@ importers:
yargs-parser: ^21.0.1
zod: ^3.17.3
dependencies:
'@astrojs/compiler': 0.22.0
'@astrojs/compiler': 0.22.1
'@astrojs/language-server': 0.20.1
'@astrojs/markdown-remark': link:../markdown/remark
'@astrojs/prism': link:../astro-prism
@ -2962,8 +2962,8 @@ packages:
leven: 3.1.0
dev: true
/@astrojs/compiler/0.22.0:
resolution: {integrity: sha512-TF3zwbPIgr3UPPkVquKUzSGsIqGKh3Gi34Y29+HZvL+YmrkAk+GAuUkOo2EXDJ6aS2Oxq0k7KO/yQ2LjkWl83A==}
/@astrojs/compiler/0.22.1:
resolution: {integrity: sha512-FiRZ7fwJhADPo2X1unTyEq9V7EfeWE3GOBhzKDcFIF8mc5iLZ0VmPXrGmvOUTRXkZH99+TkB1SXGaTDjelRa2w==}
dev: false
/@astrojs/language-server/0.20.1: