fix: allow dir and title attributes

Fix #1796
David Larlet 2024-05-06 18:26:05 -04:00
parent 8d24cc0ceb
commit 5b9746066c
No known key found for this signature in database
GPG key ID: 3E2953A359E7E7BD
2 changed files with 8 additions and 1 deletions


@ -88,7 +88,7 @@ export function escapeHTML(s) {
'span',
],
ADD_ATTR: ['target', 'allow', 'allowfullscreen', 'frameborder', 'scrolling'],
ALLOWED_ATTR: ['href', 'src', 'width', 'height', 'style'],
ALLOWED_ATTR: ['href', 'src', 'width', 'height', 'style', 'dir', 'title'],
// Added: `geo:` URL scheme as defined in RFC5870:
// https://www.rfc-editor.org/rfc/rfc5870.html
// The base RegExp comes from:
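Review bot: The widened `ALLOWED_ATTR` list carries no comment explaining why `dir` and `title` are safe to pass through, although this list is the security boundary of `escapeHTML`. If this is a DOMPurify configuration, as the option names suggest, `ALLOWED_ATTR` replaces the default allow-list, so every entry is a deliberate decision and should be justified where it is made. `title` is safe only while its value is treated as plain text; a tooltip or popup component that reads `title` and renders it as HTML would become an injection sink, so that assumption should be written down. I would add above the line something like `// dir, title: plain-text attributes (see #1796); their values must never be re-rendered as HTML`. The enclosing configuration object and `escapeHTML` itself start and end outside this hunk.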


@ -185,6 +185,13 @@ describe('Utils', function () {
assert.equal(Utils.escapeHTML('<a href="geo:1,2"></a>'), '<a href="geo:1,2"></a>')
})
it('should not escape dir and title attributes', function () {
assert.equal(
Utils.escapeHTML('<a title="Title" dir="rtl"></a>'),
'<a dir="rtl" title="Title"></a>'
)
})
it('should not fail with int value', function () {
assert.equal(Utils.escapeHTML(25), '25')
})
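Review bot: The new case only proves that benign `dir` and `title` values survive, so it does not show that widening the allow-list left the rest of the filter intact. A companion assertion would pin that, for example that a disallowed attribute next to an allowed one is still dropped: `assert.equal(Utils.escapeHTML('<a title="T" onclick="x()"></a>'), '<a title="T"></a>')` (the expected string should be confirmed against the sanitizer's actual output). The existing expectation `'<a dir="rtl" title="Title"></a>'` also depends on the serializer's attribute order, which differs from the input order; a short comment saying so would save the next reader from assuming a typo. The surrounding `describe('Utils', …)` block extends outside this hunk.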