paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2026-02-11 23:59:31 -06:00
Code Issues Packages Projects Releases Wiki Activity

Security: remove safe html pipe

Browse Source
This commit is contained in:
shamoon
2025-12-18 06:31:25 -08:00
parent 84c59f45da
commit bf38ae98f1
33 changed files with 44 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src-ui/src/app/pipes/safehtml.pipe.spec.ts
View File

@@ -1,24 +0,0 @@
import { TestBed } from '@angular/core/testing'
import { BrowserModule, DomSanitizer } from '@angular/platform-browser'
import { SafeHtmlPipe } from './safehtml.pipe'
describe('SafeHtmlPipe', () => {
let pipe: SafeHtmlPipe
beforeEach(() => {
TestBed.configureTestingModule({
providers: [SafeHtmlPipe],
imports: [BrowserModule],
})
pipe = TestBed.inject(SafeHtmlPipe)
})
it('should bypass security and trust the url', () => {
const html = '<div>some content</div>'
const domSanitizer = TestBed.inject(DomSanitizer)
const sanitizerSpy = jest.spyOn(domSanitizer, 'bypassSecurityTrustHtml')
let safeHtml = pipe.transform(html)
expect(safeHtml).not.toBeNull()
expect(sanitizerSpy).toHaveBeenCalled()
})
})

13
src-ui/src/app/pipes/safehtml.pipe.ts
View File

@@ -1,13 +0,0 @@
import { Pipe, PipeTransform, inject } from '@angular/core'
import { DomSanitizer } from '@angular/platform-browser'
@Pipe({
name: 'safeHtml',
})
export class SafeHtmlPipe implements PipeTransform {
private sanitizer = inject(DomSanitizer)
transform(html) {
return this.sanitizer.bypassSecurityTrustHtml(html)
}
}