fix(test): use '&' for XML escaping test to support Windows CI
This commit is contained in:
parent
fcc53bcf1b
commit
556d525dd8
@ -551,9 +551,8 @@ describe("applyMediaUnderstanding", () => {
|
|||||||
const { applyMediaUnderstanding } = await loadApply();
|
const { applyMediaUnderstanding } = await loadApply();
|
||||||
const dir = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-media-"));
|
const dir = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-media-"));
|
||||||
// Create file with XML special characters in the name (what filesystem allows)
|
// Create file with XML special characters in the name (what filesystem allows)
|
||||||
// Note: The sanitizeFilename in store.ts would strip most dangerous chars,
|
// We use '&' because it's valid on all platforms (including Windows) but still requires XML escaping
|
||||||
// but we test that even if some slip through, they get escaped in output
|
const filePath = path.join(dir, "file&test.txt");
|
||||||
const filePath = path.join(dir, "file<test>.txt");
|
|
||||||
await fs.writeFile(filePath, "safe content");
|
await fs.writeFile(filePath, "safe content");
|
||||||
|
|
||||||
const ctx: MsgContext = {
|
const ctx: MsgContext = {
|
||||||
@ -575,10 +574,9 @@ describe("applyMediaUnderstanding", () => {
|
|||||||
|
|
||||||
expect(result.appliedFile).toBe(true);
|
expect(result.appliedFile).toBe(true);
|
||||||
// Verify XML special chars are escaped in the output
|
// Verify XML special chars are escaped in the output
|
||||||
expect(ctx.Body).toContain("<");
|
expect(ctx.Body).toContain("&");
|
||||||
expect(ctx.Body).toContain(">");
|
// The raw & should not appear unescaped in the name attribute
|
||||||
// The raw < and > should not appear unescaped in the name attribute
|
expect(ctx.Body).not.toMatch(/name="[^"]*&[^"]*"/);
|
||||||
expect(ctx.Body).not.toMatch(/name="[^"]*<[^"]*"/);
|
|
||||||
});
|
});
|
||||||
|
|
||||||
it("normalizes MIME types to prevent attribute injection", async () => {
|
it("normalizes MIME types to prevent attribute injection", async () => {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user