mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-10-04 16:57:12 +03:00
Fixed handling SVG files with missing tag
fix https://linear.app/tryghost/issue/SLO-151/[ghost]-cannot-read-properties-of-null-reading-attributes-an - in the event the file doesn't contain a tag, the code currently crashes because it tries to read `attributes from `undefined` - we can fix that by checking the first element exists before reading from it - also includes a breaking test
This commit is contained in:
parent
cd8a54d7cc
commit
9a40440e82
@ -165,6 +165,10 @@ const isSvgSafe = (filepath) => {
|
||||
document.body.innerHTML = fileContent;
|
||||
const svgEl = document.body.firstElementChild;
|
||||
|
||||
if (!svgEl) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const attributes = Array.from(svgEl.attributes).map(({name}) => name);
|
||||
const hasScriptAttr = !!attributes.find(attr => attr.startsWith('on'));
|
||||
const scripts = svgEl.getElementsByTagName('script');
|
||||
|
@ -63,5 +63,10 @@ describe('web utils', function () {
|
||||
dirtySvgContent.should.not.containEql('<script');
|
||||
validation.isSvgSafe(filepath).should.be.true;
|
||||
});
|
||||
|
||||
it('returns false for malformed svg', async function () {
|
||||
const filepath = path.join(__dirname, imageFixturePath, 'svg-malformed.svg');
|
||||
validation.isSvgSafe(filepath).should.be.false;
|
||||
});
|
||||
});
|
||||
});
|
||||
|
1
ghost/core/test/utils/fixtures/images/svg-malformed.svg
Normal file
1
ghost/core/test/utils/fixtures/images/svg-malformed.svg
Normal file
@ -0,0 +1 @@
|
||||
<
|
Loading…
Reference in New Issue
Block a user