From 6066911d9b34b9c2acea05df234ed6b3cbc83645 Mon Sep 17 00:00:00 2001
From: kedarchandrayan
Date: Wed, 21 Sep 2022 10:53:57 +0530
Subject: [PATCH] Upgrades `htmlparser2` to new major version `^8.0.0`.
---
 CHANGELOG.md | 4 ++++
 package.json | 2 +-
 test/test.js | 8 ++++----
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9fae24b..e44d6cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## Issue #565
+
+- Upgrades `htmlparser2` to new major version `^8.0.0`.
+
 ## 2.7.2 (2022-09-15)
 - Closing tags must agree with opening tags. This fixes [issue #549](https://github.com/apostrophecms/sanitize-html/issues/549), in which closing tags not associated with any permitted opening tag could be passed through. No known exploit exists, but it's better not to permit this. Thanks to
diff --git a/package.json b/package.json
index 25b1d6f..bd0470d 100644
--- a/package.json
+++ b/package.json
@@ -25,7 +25,7 @@
 "dependencies": {
 "deepmerge": "^4.2.2",
 "escape-string-regexp": "^4.0.0",
- "htmlparser2": "^6.0.0",
+ "htmlparser2": "^8.0.0",
 "is-plain-object": "^5.0.0",
 "parse-srcset": "^1.0.2",
 "postcss": "^8.3.11"
diff --git a/test/test.js b/test/test.js
index 283b2b5..8204d94 100644
--- a/test/test.js
+++ b/test/test.js
@@ -119,11 +119,11 @@ describe('sanitizeHtml', function() {
 it('should dump closing tags which do not have any opening tags.', function() {
 assert.equal(sanitizeHtml('
'); + }), '/'); assert.equal(sanitizeHtml(''); + }), '/'); }); it('should tolerate not closed p tags', function() { assert.equal(sanitizeHtml('

inner text 1

inner text 2

inner text 3

'), '

inner text 1

inner text 2

inner text 3

');
@@ -152,11 +152,11 @@ describe('sanitizeHtml', function() {
 assert.equal(sanitizeHtml('Hax'), 'Hax');
 });
 it('should dump character codes 1-32 even when escaped with padding rather than trailing ;', function() {
- assert.equal(sanitizeHtml('Hax'), 'Hax');
+ assert.equal(sanitizeHtml('Hax'), 'Hax');
 // This one is weird, but the browser does not interpret it
 // as a scheme, so we're OK. That character is 65535, not null. I
 // think it's a limitation of the entities module
- assert.equal(sanitizeHtml('Hax'), 'Hax');
+ assert.equal(sanitizeHtml('Hax'), 'Hax');
 });
 it('should still like nice schemes', function() {
 assert.equal(sanitizeHtml('Hi'), 'Hi');
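Review bot: The two rewritten expectations in 'should dump closing tags which do not have any opening tags.' (the `+ }), ...` lines of the first test/test.js hunk) carry no explanation of why the sanitizer's output is allowed to change. That test guards the closing-tag fix recorded under 2.7.2 in CHANGELOG.md, and the new changelog entry mentions only the upgrade, not an output change. I would add a comment above each changed assertion, for example `// htmlparser2 8 tokenizes this unterminated input differently from 6; the result must still contain no closing tag without a permitted opener`. The markup inside the test strings is not visible in this rendering, so the new expected value should be checked against that invariant by hand.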
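Review bot: The comment kept as context above the second changed assertion in 'should dump character codes 1-32 even when escaped with padding rather than trailing ;' still says "That character is 65535, not null. I think it's a limitation of the entities module". Both assertions around it are edited in this hunk, presumably because entity decoding differs under `htmlparser2` `^8.0.0`, so the comment may now be stale. These assertions are what pin the scheme check against padded control-character references, so the comment should state what the reference decodes to after the upgrade. A line such as `// htmlparser2 ^8: expected value updated for the new entity decoding; the browser must still not read it as a scheme` would do. The old and new strings render identically here, so the actual difference cannot be confirmed from this page.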