mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-22 02:11:44 +03:00
4534b693e4
refs https://github.com/TryGhost/Team/issues/1871 This commit adds a test to the serialize method of `post-emaiserializer`. It checks whether the generated email HTML is valid and standard HTML5 and that all properties are escaped. To do this validation, I depend on the new `html-validate` dev dependency. Just parsing the HTML with a HTML parser is not enough to guarantee that the HTML is okay. Apart from that this fixes: - Removed the sanitizeHTML method and replaced it with normal HTML escaping. We don't want to allow any HTML in the escaped fields. Whereas `sanitizeHTML` still allows valid HTML, but we don't want that and want the same behaviour as on the site. E.g., a post with a title `All your need to know about the <br /> tag` should actually render the same title and non-html content, being `All your need to know about the <br /> tag` - The file, nft and audio card didn't (always) escape the injected HTML fields (new version @tryghost/kg-default-cards) - `@tryghost/string` is bumped because it contains the new escapeHtml method |
||
|---|---|---|
| .. | ||
| adapter-manager | ||
| api-version-compatibility | ||
| auth | ||
| frontend-data-service | ||
| mega | ||
| members | ||
| newsletters | ||
| notifications | ||
| permissions | ||
| posts | ||
| redirects | ||
| route-settings | ||
| settings | ||
| settings-helpers | ||
| stripe | ||
| themes | ||
| url | ||
| users | ||
| webhooks | ||
| labs.test.js | ||
| limits.test.js | ||
| nft-oembed.test.js | ||
| slack.test.js | ||
| xmlrpc.test.js | ||