fix: update validator dep. to get fix for CVE-2025-56200

https://nvd.nist.gov/vuln/detail/CVE-2025-56200
2026-05-07 08:55:50 +02:00 · 2025-11-20 09:02:17 -05:00
parent 12dab84914
commit af477d0c2d
2 changed files with 9 additions and 1 deletions
--- a/test/user/custom-fields.js
+++ b/test/user/custom-fields.js
@@ -88,6 +88,14 @@ describe('custom user fields', () => {
 			{ message: '[[error:custom-user-field-invalid-link, Website]]' },
 		);

+		await assert.rejects(
+			user.updateProfile(highRepUid, {
+				uid: highRepUid,
+				website: 'javascript:alert("xss")',
+			}),
+			{ message: '[[error:custom-user-field-invalid-link, Website]]' },
+		);
+
 		await assert.rejects(
 			user.updateProfile(highRepUid, {
 				uid: highRepUid,