From da5e6ca128985a26842f630c45fcc989ba3ecf3a Mon Sep 17 00:00:00 2001 From: Matthew Phillips Date: Tue, 26 Jul 2022 17:31:57 -0400 Subject: [PATCH] Add tests for markdown content escaping (#4058) --- packages/astro/package.json | 2 +- .../fixtures/markdown/src/pages/entities.md | 3 ++ packages/astro/test/markdown.test.js | 39 ++++++++++++------- packages/markdown/remark/src/rehype-escape.ts | 6 ++- .../markdown/remark/test/entities.test.js | 12 ++++++ pnpm-lock.yaml | 8 ++-- 6 files changed, 50 insertions(+), 20 deletions(-) create mode 100644 packages/astro/test/fixtures/markdown/src/pages/entities.md create mode 100644 packages/markdown/remark/test/entities.test.js diff --git a/packages/astro/package.json b/packages/astro/package.json index 76b84b600..8b56e1500 100644 --- a/packages/astro/package.json +++ b/packages/astro/package.json @@ -82,7 +82,7 @@ "test:e2e:match": "playwright test -g" }, "dependencies": { - "@astrojs/compiler": "^0.22.0", + "@astrojs/compiler": "^0.22.1", "@astrojs/language-server": "^0.20.0", "@astrojs/markdown-remark": "^0.13.0", "@astrojs/prism": "0.6.1", diff --git a/packages/astro/test/fixtures/markdown/src/pages/entities.md b/packages/astro/test/fixtures/markdown/src/pages/entities.md new file mode 100644 index 000000000..d50f412d3 --- /dev/null +++ b/packages/astro/test/fixtures/markdown/src/pages/entities.md @@ -0,0 +1,3 @@ +# Lesser than: Cannot escape `<` using `<` + +<i>This should NOT be italic</i> diff --git a/packages/astro/test/markdown.test.js b/packages/astro/test/markdown.test.js index d12fa25cd..b107d36ce 100644 --- a/packages/astro/test/markdown.test.js +++ b/packages/astro/test/markdown.test.js @@ -3,28 +3,39 @@ import * as cheerio from 'cheerio'; import { loadFixture } from './test-utils.js'; describe('Markdown tests', () => { + /** @type {import('./test-utils').Fixture} */ let fixture; before(async () => { fixture = await loadFixture({ root: './fixtures/markdown/', }); - await fixture.build(); }); - it('Can load a simple markdown page with Astro', async () => { - const html = await fixture.readFile('/post/index.html'); - const $ = cheerio.load(html); + describe('Build', () => { + before(async () => { + await fixture.build(); + }); + + it('Can load a simple markdown page with Astro', async () => { + const html = await fixture.readFile('/post/index.html'); + const $ = cheerio.load(html); + + expect($('p').first().text()).to.equal('Hello world!'); + expect($('#first').text()).to.equal('Some content'); + expect($('#interesting-topic').text()).to.equal('Interesting Topic'); + }); + + it('Can load a realworld markdown page with Astro', async () => { + const html = await fixture.readFile('/realworld/index.html'); + const $ = cheerio.load(html); + + expect($('pre')).to.have.lengthOf(7); + }); - expect($('p').first().text()).to.equal('Hello world!'); - expect($('#first').text()).to.equal('Some content'); - expect($('#interesting-topic').text()).to.equal('Interesting Topic'); - }); - - it('Can load a realworld markdown page with Astro', async () => { - const html = await fixture.readFile('/realworld/index.html'); - const $ = cheerio.load(html); - - expect($('pre')).to.have.lengthOf(7); + it('Does not unescape entities', async () => { + const html = await fixture.readFile('/entities/index.html'); + expect(html).to.match(new RegExp("<i>This should NOT be italic</i>")); + }); }); }); diff --git a/packages/markdown/remark/src/rehype-escape.ts b/packages/markdown/remark/src/rehype-escape.ts index e776c1bb1..e99e37e41 100644 --- a/packages/markdown/remark/src/rehype-escape.ts +++ b/packages/markdown/remark/src/rehype-escape.ts @@ -1,5 +1,9 @@ import { visit } from 'unist-util-visit'; +export function escapeEntities(value: string): string { + return value.replace(/&/g, '&').replace(//g, '>'); +} + export default function rehypeEscape(): any { return function (node: any): any { return visit(node, 'element', (el) => { @@ -8,7 +12,7 @@ export default function rehypeEscape(): any { // Visit all raw children and escape HTML tags to prevent Markdown code // like "This is a `