Skip to content

C
code-server

镜像 / Coder / code-server
2022-09-21 03:15:05同步失败

通知 15
Star 0
Fork 0
C
code-server

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
errors.test.ts 1004 字节
Newer Older
M
Escape HTML from messages in error page (#4430)  
Mauricio Garavaglia 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 
import express from "express"
import { errorHandler } from "../../../../src/node/routes/errors"

describe("error page is rendered for text/html requests", () => {
  it("escapes any html in the error messages", async () => {
    const next = jest.fn()
    const err = {
      code: "ENOENT",
      statusCode: 404,
      message: ";>hello<script>alert(1)</script>",
    }
    const req = createRequest()
    const res = {
      status: jest.fn().mockReturnValue(this),
      send: jest.fn().mockReturnValue(this),
      set: jest.fn().mockReturnValue(this),
    } as unknown as express.Response

    await errorHandler(err, req, res, next)
    expect(res.status).toHaveBeenCalledWith(404)
    expect(res.send).toHaveBeenCalledWith(expect.not.stringContaining("<script>"))
  })
})

function createRequest(): express.Request {
  return {
    headers: {
      accept: ["text/html"],
    },
    originalUrl: "http://example.com/test",
    query: {
      to: "test",
    },
  } as unknown as express.Request
}