fix: broken test case to sanitize on-event in ie #1051

Merged
merged 1 commit into from Jun 16, 2020

Member

@seonim-ryu seonim-ryu commented Jun 15, 2020

Please check if the PR fulfills these requirements

  • It's the right issue type on the title
  • When resolving a specific issue, it's referenced in the PR's title (e.g. fix #xxx[,#xxx], where "xxx" is the issue number)
  • The commit message follows our guidelines
  • Tests for the changes have been added (for bug fixes/features)
  • Docs have been added/updated (for bug fixes/features)
  • It does not introduce a breaking change or has a description of the breaking change

Description

  • Change getNamedItem, removeNamedItem to getAttribute, removeAttribute because IE is not supported correctly.

Thank you for your contribution to TOAST UI product. 🎉 😘 ✨

@seonim-ryu seonim-ryu requested a review from js87zz June 15, 2020 13:17
@@ -54,7 +54,7 @@ describe('htmlSanitizer', function() {
expect(htmlSanitizer(`<TABLE BACKGROUND="javascript:alert('XSS')">`, true)).toBe(
'<table></table>'
);
expect(htmlSanitizer(`<TABLE><TD BACKGROUND="javascript:alert('XSS')">`, true)).toBe(
expect(htmlSanitizer(`<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD>`, true)).toBe(
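Review bot: the assertion on `<TABLE><TD BACKGROUND="javascript:alert('XSS')">` is replaced rather than supplemented, so the unclosed `<TD>` input is no longer exercised in any browser. Untrusted markup frequently arrives with unclosed tags, so consider keeping the original input as its own expectation for browsers that auto-close the cell and adding the `</TD>` variant next to it, with a short comment naming the browser that needs the explicit close tag.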
Member Author

In IE10, when only `<td>` is passed, the closing tag is not generated automatically, so a closing tag was added.

@seonim-ryu seonim-ryu requested a review from shiren June 15, 2020 13:21
Comment on lines +101 to +103
if (ON_EVENT_RX.test(name)) {
node[name] = null;
}
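Review bot: the `node[name] = null` assignment inside the `ON_EVENT_RX.test(name)` branch carries no code comment saying why the handler property is set to null, so a later cleanup could remove it as redundant. Add a one-line comment naming the browser behaviour it works around, and confirm that `name` is lowercase at this point, because the property lookup `node[name]` is case-sensitive and an upper-case name would leave the handler in place. If `ON_EVENT_RX` is declared with the `g` flag, `test` keeps `lastIndex` between calls, so its declaration is worth checking as well.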
Member Author

In IE, events assigned to attributes such as onload and onerror are sometimes not removed and end up executing the XSS script, so this logic was added to remove the events completely.

Contributor

@js87zz js87zz left a comment

Review complete~!

@seonim-ryu seonim-ryu merged commit f0d3184 into master Jun 16, 2020
@seonim-ryu seonim-ryu deleted the fix/broken-tc-sanitizer branch June 16, 2020 10:46
js87zz pushed a commit that referenced this pull request Jun 17, 2021