test: escape task details exactly · openclaw/openclaw@fafe11b
shakkernerd
·
2026-05-13
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
@@ -286,8 +286,9 @@ describe("toSanitizedMarkdownHtml", () => {
|
286 | 286 | |
287 | 287 | it("escapes details/summary injection in task items", () => { |
288 | 288 | const html = toSanitizedMarkdownHtml("- [ ] <details><summary>x</summary>y</details>"); |
289 | | -expect(html).toContain("<details>"); |
290 | | -expect(html).not.toContain("<details>"); |
| 289 | +expect(html).toBe( |
| 290 | +'<ul class="contains-task-list">\n<li class="task-list-item"><input class="task-list-item-checkbox" disabled="" type="checkbox"> <details><summary>x</summary>y</details></li>\n</ul>\n', |
| 291 | +); |
291 | 292 | }); |
292 | 293 | }); |
293 | 294 | |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。