agtic/keycloak_theme
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

remove async from sanitize

Browse Source
This commit is contained in:
uchar 2024-09-18 18:37:17 +03:30
parent 66b480f837
commit 81fc9d57bd
4 changed files with 33 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
package.json
View File

@ -110,7 +110,6 @@
"vite": "^5.2.11", "vite": "^5.2.11",
"vitest": "^1.6.0", "vitest": "^1.6.0",
"yauzl": "^2.10.0", "yauzl": "^2.10.0",
"zod": "^3.17.10", "zod": "^3.17.10"
"html-entities": "2.5.2"
} }
} }

19
src/tools/kcSanitize/KcSanitizer.ts
View File

@ -6,30 +6,31 @@ export class KcSanitizer {
private static HREF_PATTERN = /\s+href="([^"]*)"/g; private static HREF_PATTERN = /\s+href="([^"]*)"/g;
private static textarea: HTMLTextAreaElement | null = null; private static textarea: HTMLTextAreaElement | null = null;
public static async sanitize(html: string | null): Promise<string> { public static sanitize(html: string | null): string {
if (html == null) { if (html == null) {
throw new Error("Cannot escape null value."); throw new Error("Cannot escape null value.");
} }
if (html === "") return ""; if (html === "") return "";
html = await this.decodeHtmlFull(html); html = this.decodeHtmlFull(html);
const sanitized = KcSanitizerPolicy.sanitize(html); const sanitized = KcSanitizerPolicy.sanitize(html);
return this.fixURLs(sanitized); return this.fixURLs(sanitized);
} }
private static async decodeHtmlFull(html: string): Promise<string> { private static decodeHtmlFull(html: string): string {
if (typeof window !== "undefined" && typeof document !== "undefined") { if (typeof window !== "undefined" && typeof document !== "undefined") {
return KcSanitizer.decodeHtmlOnClient(html); return KcSanitizer.decodeHtmlOnClient(html);
} else { } else {
return await KcSanitizer.decodeHtmlOnServer(html); throw new Error("not implemented");
// return await KcSanitizer.decodeHtmlOnServer(html);
} }
} }
private static async decodeHtmlOnServer(html: string): Promise<string> { // private static async decodeHtmlOnServer(html: string): Promise<string> {
// Dynamically import html-entities only on the server side // // Dynamically import html-entities only on the server side
const { decode } = await import("html-entities"); // const { decode } = await import("html-entities");
return decode(html); // return decode(html);
} // }
private static decodeHtmlOnClient(html: string): string { private static decodeHtmlOnClient(html: string): string {
if (!KcSanitizer.textarea) { if (!KcSanitizer.textarea) {

45
test/kcSanitize/KcSanitizer.spec.ts
View File

@ -150,35 +150,29 @@ const testCases = [
] ]
} }
]; ];
const assertResult = async ( const assertResult = (expectedResult: string | null, html: string | null): void => {
expectedResult: string | null,
html: string | null
): Promise<void> => {
if (html === null) { if (html === null) {
await expect(KcSanitizer.sanitize(html)).rejects.toThrow( expect(KcSanitizer.sanitize(html)).toThrow("Cannot escape null value.");
"Cannot escape null value."
);
} else { } else {
const result = await KcSanitizer.sanitize(html); const result = KcSanitizer.sanitize(html);
expect(result).toBe(expectedResult); expect(result).toBe(expectedResult);
} }
}; };
// Server-side tests // Server-side tests
describe("KcSanitizer - Server Side", () => { // describe("KcSanitizer - Server Side", () => {
for (const group of testCases) { // for (const group of testCases) {
describe(group.description, () => { // describe(group.description, () => {
for (const test of group.cases) { // for (const test of group.cases) {
it(`should handle ${test.html}`, async () => { // it(`should handle ${test.html}`, async () => {
await assertResult(test.expectedResult, test.html); // await assertResult(test.expectedResult, test.html);
}); // });
} // }
}); // });
} // }
}); // });
// Client-side tests describe("KcSanitizer - Client Side", () => {
describe("KcSanitizer - Client Side (jsdom)", () => {
const decodeHtmlEntities = (html: string): string => { const decodeHtmlEntities = (html: string): string => {
const entitiesMap: { [key: string]: string } = { const entitiesMap: { [key: string]: string } = {
"&amp;": "&", "&amp;": "&",
@ -195,6 +189,7 @@ describe("KcSanitizer - Client Side (jsdom)", () => {
}; };
beforeAll(() => { beforeAll(() => {
vi.stubGlobal("window", {});
// Mocking the `document.createElement` to simulate textarea behavior // Mocking the `document.createElement` to simulate textarea behavior
vi.stubGlobal("document", { vi.stubGlobal("document", {
createElement: (tagName: string) => { createElement: (tagName: string) => {
@ -219,8 +214,12 @@ describe("KcSanitizer - Client Side (jsdom)", () => {
for (const group of testCases) { for (const group of testCases) {
describe(group.description, () => { describe(group.description, () => {
for (const test of group.cases) { for (const test of group.cases) {
it(`should handle ${test.html}`, async () => { it(`should handle ${test.html}`, () => {
await assertResult(test.expectedResult, test.html); if (test.html == null)
expect(() =>
assertResult(test.expectedResult, test.html)
).toThrow("Cannot escape null value.");
else assertResult(test.expectedResult, test.html);
}); });
} }
}); });

5
yarn.lock
View File

@ -6633,11 +6633,6 @@ html-encoding-sniffer@^4.0.0:
dependencies: dependencies:
whatwg-encoding "^3.1.1" whatwg-encoding "^3.1.1"
html-entities@2.5.2:
version "2.5.2"
resolved "https://registry.yarnpkg.com/html-entities/-/html-entities-2.5.2.tgz#201a3cf95d3a15be7099521620d19dfb4f65359f"
integrity sha512-K//PSRMQk4FZ78Kyau+mZurHn3FH0Vwr+H36eE0rPbeYkRRi9YxceYPhuN60UwWorxyKHhqoAJl2OFKa4BVtaA==
html-entities@^2.1.0: html-entities@^2.1.0:
version "2.3.3" version "2.3.3"
resolved "https://registry.npmjs.org/html-entities/-/html-entities-2.3.3.tgz" resolved "https://registry.npmjs.org/html-entities/-/html-entities-2.3.3.tgz"