fix: escape flag filters

Barış Soner Uşaklı
2025-05-12 09:30:33 -04:00
parent 7a26672872
commit fc09f6c4f9
2 changed files with 10 additions and 2 deletions


@@ -869,6 +869,11 @@ describe('Flags', () => {
assert.strictEqual(flagData.reports[0].value, '"<script>alert('ok');</script>');
});
it('should escape filters', async () => {
const { body } = await request.get(`${nconf.get('url')}/api/flags?quick="<script>alert('foo');</script>`, { jar });
assert.strictEqual(body.filters.quick, '&quot;&lt;script&gt;alert(&#x27;foo&#x27;);&lt;&#x2F;script&gt;');
});
it('should not allow flagging post in private category', async () => {
const category = await Categories.create({ name: 'private category' });
@@ -1149,5 +1154,7 @@ describe('Flags', () => {
}
});
});
});
});
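Review bot: The new `should escape filters` test only exercises the `quick` key, so it would not catch a regression where another filter key, or an array-valued filter, comes back unescaped in `body.filters`. The escaping code itself is in the other changed file, which is not visible here, so whether it covers every key is unconfirmed. Consider running the same payload through each filter key the endpoint echoes back and asserting the escaped form for each. The request URL also embeds the raw payload and relies on the HTTP client to percent-encode it; building it as `?quick=${encodeURIComponent(payload)}` makes the test independent of that behaviour.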