fix(test): correct regex assertion for XML escaping test
This commit is contained in:
parent
556d525dd8
commit
43310e2741
@ -576,7 +576,12 @@ describe("applyMediaUnderstanding", () => {
|
|||||||
// Verify XML special chars are escaped in the output
|
// Verify XML special chars are escaped in the output
|
||||||
expect(ctx.Body).toContain("&");
|
expect(ctx.Body).toContain("&");
|
||||||
// The raw & should not appear unescaped in the name attribute
|
// The raw & should not appear unescaped in the name attribute
|
||||||
expect(ctx.Body).not.toMatch(/name="[^"]*&[^"]*"/);
|
// Note: The regex /name="[^"]*&[^"]*"/ matches both unescaped '&' AND escaped '&' because '&' contains '&'.
|
||||||
|
// We need a regex that matches '&' NOT followed by 'amp;' (and other entities if we cared, but & is the main one here).
|
||||||
|
// Or simpler: check that it DOES match & and DOES NOT match a raw & that isn't the start of an entity.
|
||||||
|
// But since we know the input is specifically "file&test.txt", we expect "file&test.txt".
|
||||||
|
expect(ctx.Body).toContain('name="file&test.txt"');
|
||||||
|
expect(ctx.Body).not.toContain('name="file&test.txt"');
|
||||||
});
|
});
|
||||||
|
|
||||||
it("normalizes MIME types to prevent attribute injection", async () => {
|
it("normalizes MIME types to prevent attribute injection", async () => {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user