escape translated strings to prevent HTML injections

2025-06-05 21:59:25 +02:00 · 2025-05-23 18:08:28 +02:00
parent 516f08a6ac
commit 3e2aac7657
7 changed files with 49 additions and 17 deletions
--- a/source/front/formatter-test.js
+++ b/source/front/formatter-test.js
@ -1,6 +1,18 @@
 import test from 'ava'
+import { JSDOM } from 'jsdom'
+
 import Formatter from './formatter.js'

+test.beforeEach(() => {
+  const dom = new JSDOM()
+  global.document = dom.window.document
+})
+
+test('#escapeHTML', (t) => {
+  const escaped = Formatter.escapeHTML('<b>a</b>')
+  t.is(escaped, '&lt;b&gt;a&lt;/b&gt;')
+})
+
 test('#formatDate one date', (t) => {
  const date = Formatter.formatDate({
    start: '2021-04-15T10:30:00Z',