mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2025-01-03 13:58:41 +00:00
Fix XSS emoji test
This commit is contained in:
parent
7358cf1f20
commit
61400d7eb7
3 changed files with 5 additions and 8 deletions
2
mix.exs
2
mix.exs
|
@ -109,7 +109,7 @@ defmodule Pleroma.Mixfile do
|
|||
{:pbkdf2_elixir, "~> 0.12.3"},
|
||||
{:trailing_format_plug, "~> 0.0.7"},
|
||||
{:html_sanitize_ex, "~> 1.3.0"},
|
||||
{:fast_sanitize, git: "https://git.pleroma.social/pleroma/fast_sanitize.git", ref: "a23fbf1bd77b002a8f72a53c39c53b176f98f81a"},
|
||||
{:fast_sanitize, git: "https://git.pleroma.social/pleroma/fast_sanitize.git", ref: "37f55e2bbe6eb44e8a9c4b3831a5ce73a2f6955c"},
|
||||
{:html_entities, "~> 0.4"},
|
||||
{:phoenix_html, "~> 2.10"},
|
||||
{:calendar, "~> 0.17.4"},
|
||||
|
|
6
mix.lock
6
mix.lock
|
@ -36,7 +36,7 @@
|
|||
"ex_rated": {:hex, :ex_rated, "1.3.3", "30ecbdabe91f7eaa9d37fa4e81c85ba420f371babeb9d1910adbcd79ec798d27", [:mix], [{:ex2ms, "~> 1.5", [hex: :ex2ms, repo: "hexpm", optional: false]}], "hexpm"},
|
||||
"ex_syslogger": {:git, "https://github.com/slashmili/ex_syslogger.git", "f3963399047af17e038897c69e20d552e6899e1d", [tag: "1.4.0"]},
|
||||
"excoveralls": {:hex, :excoveralls, "0.11.2", "0c6f2c8db7683b0caa9d490fb8125709c54580b4255ffa7ad35f3264b075a643", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm"},
|
||||
"fast_sanitize": {:git, "https://git.pleroma.social/pleroma/fast_sanitize.git", "a23fbf1bd77b002a8f72a53c39c53b176f98f81a", [ref: "a23fbf1bd77b002a8f72a53c39c53b176f98f81a"]},
|
||||
"fast_sanitize": {:git, "https://git.pleroma.social/pleroma/fast_sanitize.git", "37f55e2bbe6eb44e8a9c4b3831a5ce73a2f6955c", [ref: "37f55e2bbe6eb44e8a9c4b3831a5ce73a2f6955c"]},
|
||||
"flake_id": {:hex, :flake_id, "0.1.0", "7716b086d2e405d09b647121a166498a0d93d1a623bead243e1f74216079ccb3", [:mix], [{:base62, "~> 1.2", [hex: :base62, repo: "hexpm", optional: false]}, {:ecto, ">= 2.0.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm"},
|
||||
"floki": {:hex, :floki, "0.23.0", "956ab6dba828c96e732454809fb0bd8d43ce0979b75f34de6322e73d4c917829", [:mix], [{:html_entities, "~> 0.4.0", [hex: :html_entities, repo: "hexpm", optional: false]}], "hexpm"},
|
||||
"gen_smtp": {:hex, :gen_smtp, "0.15.0", "9f51960c17769b26833b50df0b96123605a8024738b62db747fece14eb2fbfcc", [:rebar3], [], "hexpm"},
|
||||
|
@ -64,9 +64,9 @@
|
|||
"mock": {:hex, :mock, "0.3.3", "42a433794b1291a9cf1525c6d26b38e039e0d3a360732b5e467bfc77ef26c914", [:mix], [{:meck, "~> 0.8.13", [hex: :meck, repo: "hexpm", optional: false]}], "hexpm"},
|
||||
"mogrify": {:hex, :mogrify, "0.6.1", "de1b527514f2d95a7bbe9642eb556061afb337e220cf97adbf3a4e6438ed70af", [:mix], [], "hexpm"},
|
||||
"mox": {:hex, :mox, "0.5.1", "f86bb36026aac1e6f924a4b6d024b05e9adbed5c63e8daa069bd66fb3292165b", [:mix], [], "hexpm"},
|
||||
"myhtmlex": {:git, "https://github.com/rinpatch/myhtmlex.git", "2031aeb1098e128f35a6a0b54841e259fc7672d5", [ref: "2031aeb1098e128f35a6a0b54841e259fc7672d5", submodules: true]},
|
||||
"myhtmlex": {:git, "https://git.pleroma.social/pleroma/myhtmlex.git", "eafbba443260c0055ef2da3918b351b112ff356f", [ref: "eafbba443260c0055ef2da3918b351b112ff356f", submodules: true]},
|
||||
"nimble_parsec": {:hex, :nimble_parsec, "0.5.1", "c90796ecee0289dbb5ad16d3ad06f957b0cd1199769641c961cfe0b97db190e0", [:mix], [], "hexpm"},
|
||||
"nodex": {:git, "https://github.com/rinpatch/nodex", "12ca7a2c5b5791f1e847d73ed646cf006d4c8ca8", [ref: "12ca7a2c5b5791f1e847d73ed646cf006d4c8ca8"]},
|
||||
"nodex": {:git, "https://git.pleroma.social/pleroma/nodex", "2927091d96900fb76f6bc897e46a6abb9070ebbd", [ref: "2927091d96900fb76f6bc897e46a6abb9070ebbd"]},
|
||||
"oban": {:hex, :oban, "0.8.1", "4bbf62eb1829f856d69aeb5069ac7036afe07db8221a17de2a9169cc7a58a318", [:mix], [{:ecto_sql, "~> 3.1", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.14", [hex: :postgrex, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm"},
|
||||
"parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm"},
|
||||
"pbkdf2_elixir": {:hex, :pbkdf2_elixir, "0.12.4", "8dd29ed783f2e12195d7e0a4640effc0a7c37e6537da491f1db01839eee6d053", [:mix], [], "hexpm"},
|
||||
|
|
|
@ -28,10 +28,7 @@ defmodule Pleroma.Emoji.FormatterTest do
|
|||
}
|
||||
|> Pleroma.Emoji.build()
|
||||
|
||||
expected_result =
|
||||
"I love <img class=\"emoji\" alt=\"\" title=\"\" src=\"https://placehold.it/1x1\" />"
|
||||
|
||||
assert Formatter.emojify(text, [{custom_emoji.code, custom_emoji}]) == expected_result
|
||||
refute Formatter.emojify(text, [{custom_emoji.code, custom_emoji}]) =~ text
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue