fix(html-sanitize): Sanitize HTML comments in PR (#4285)

Sanitizes HTML comments inside PR body for BitBucket server. Includes snapshots for the tests. Closes #3715
renovatebot · Aug 14, 2019 · 4ee030a · 4ee030a
1 parent 8e20aa0
commit 4ee030a
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 0 deletions.
diff --git a/lib/platform/bitbucket-server/index.ts b/lib/platform/bitbucket-server/index.ts
@@ -964,6 +964,7 @@ export function getPrBody(input: string) {
     .replace(/<\/?summary>/g, '**')
     .replace(/<\/?details>/g, '')
     .replace(new RegExp(`\n---\n\n.*?<!-- .*?-rebase -->.*?(\n|$)`), '')
+    .replace(new RegExp('<!--.*?-->', 'g'), '')
     .substring(0, 30000);
 }
 

diff --git a/test/platform/bitbucket-server/__snapshots__/index.spec.ts.snap b/test/platform/bitbucket-server/__snapshots__/index.spec.ts.snap
@@ -921,6 +921,20 @@ exports[`platform/bitbucket-server endpoint with no path getPr() returns null fo
 
 exports[`platform/bitbucket-server endpoint with no path getPrBody() returns diff files 1`] = `"**foo**bartext"`;
 
+exports[`platform/bitbucket-server endpoint with no path getPrBody() sanitizes HTML comments in the body 1`] = `
+"---
+
+- [ ] If you want to rebase/retry this PR, check this box
+- [ ] <a href=\\"/some/link\\">Update renovate/renovate to 16.1.2</a>
+
+---
+
+Empty comment.
+
+Followed by some information.
+"
+`;
+
 exports[`platform/bitbucket-server endpoint with no path getPrFiles() returns one file 1`] = `
 Array [
   Array [
@@ -2381,6 +2395,20 @@ exports[`platform/bitbucket-server endpoint with path getPr() returns null for n
 
 exports[`platform/bitbucket-server endpoint with path getPrBody() returns diff files 1`] = `"**foo**bartext"`;
 
+exports[`platform/bitbucket-server endpoint with path getPrBody() sanitizes HTML comments in the body 1`] = `
+"---
+
+- [ ] If you want to rebase/retry this PR, check this box
+- [ ] <a href=\\"/some/link\\">Update renovate/renovate to 16.1.2</a>
+
+---
+
+Empty comment.
+
+Followed by some information.
+"
+`;
+
 exports[`platform/bitbucket-server endpoint with path getPrFiles() returns one file 1`] = `
 Array [
   Array [

diff --git a/test/platform/bitbucket-server/index.spec.ts b/test/platform/bitbucket-server/index.spec.ts
@@ -684,6 +684,21 @@ describe('platform/bitbucket-server', () => {
             )
           ).toMatchSnapshot();
         });
+
+        it('sanitizes HTML comments in the body', () => {
+          const prBody = bitbucket.getPrBody(`---
+
+- [ ] <!-- renovate-rebase -->If you want to rebase/retry this PR, check this box
+- [ ] <!-- recreate-branch=renovate/docker-renovate-renovate-16.x --><a href="/some/link">Update renovate/renovate to 16.1.2</a>
+
+---
+<!---->
+Empty comment.
+<!-- This is another comment -->
+Followed by some information.
+<!-- followed by some more comments -->`);
+          expect(prBody).toMatchSnapshot();
+        });
       });
 
       describe('getCommitMessages()', () => {