From 4ee030a5abccaea7169d8cce6bf594b9b9587c96 Mon Sep 17 00:00:00 2001 From: Rakesh Tembhurne <rakeshtembhurne@users.noreply.github.com> Date: Wed, 14 Aug 2019 13:35:02 +0530 Subject: [PATCH] fix(html-sanitize): Sanitize HTML comments in PR (#4285) Sanitizes HTML comments inside PR body for BitBucket server. Includes snapshots for the tests. Closes #3715
---
 lib/platform/bitbucket-server/index.ts | 1 + .../__snapshots__/index.spec.ts.snap | 28 +++++++++++++++++++ test/platform/bitbucket-server/index.spec.ts | 15 ++++++++++ 3 files changed, 44 insertions(+)
diff --git a/lib/platform/bitbucket-server/index.ts b/lib/platform/bitbucket-server/index.ts
index 9bf3b8249a..3db6783c49 100644
--- a/lib/platform/bitbucket-server/index.ts
+++ b/lib/platform/bitbucket-server/index.ts
@@ -964,6 +964,7 @@ export function getPrBody(input: string) {
 .replace(/<\/?summary>/g, '**')
 .replace(/<\/?details>/g, '')
 .replace(new RegExp(`\n---\n\n.*?<!-- .*?-rebase -->.*?(\n|$)`), '')
+ .replace(new RegExp('<!--.*?-->', 'g'), '')
 .substring(0, 30000);
 }
diff --git a/test/platform/bitbucket-server/__snapshots__/index.spec.ts.snap b/test/platform/bitbucket-server/__snapshots__/index.spec.ts.snap
index 33177c798e..7a53c606cb 100644
--- a/test/platform/bitbucket-server/__snapshots__/index.spec.ts.snap
+++ b/test/platform/bitbucket-server/__snapshots__/index.spec.ts.snap
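Review bot: The added `'<!--.*?-->'` pattern in the `getPrBody` chain only removes comments that open and close on the same line, because `.` does not match a line break; a comment that spans lines stays in the body, and so does an unterminated `<!--`. I would change the line to `.replace(/<!--[\s\S]*?-->/g, '')`, which also drops the `new RegExp` wrapper that a constant pattern does not need. The replacement is a single pass, so text on either side of a removed comment can join into a new comment marker; if anything downstream treats this output as sanitized, repeat the replacement until the string stops changing, and otherwise add a comment saying the step is cosmetic clean-up for Bitbucket Server and not a security filter. The start of `getPrBody` lies outside the hunk, so earlier steps of the chain were not reviewed.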
@@ -921,6 +921,20 @@ exports[`platform/bitbucket-server endpoint with no path getPr() returns null fo exports[`platform/bitbucket-server endpoint with no path getPrBody() returns diff files 1`] = `"**foo**bartext"`; +exports[`platform/bitbucket-server endpoint with no path getPrBody() sanitizes HTML comments in the body 1`] = ` +"--- + +- [ ] If you want to rebase/retry this PR, check this box +- [ ] <a href=\\"/some/link\\">Update renovate/renovate to 16.1.2</a> + +--- + +Empty comment. + +Followed by some information. +" +`; + exports[`platform/bitbucket-server endpoint with no path getPrFiles() returns one file 1`] = ` Array [ Array [ @@ -2381,6 +2395,20 @@ exports[`platform/bitbucket-server endpoint with path getPr() returns null for n exports[`platform/bitbucket-server endpoint with path getPrBody() returns diff files 1`] = `"**foo**bartext"`; +exports[`platform/bitbucket-server endpoint with path getPrBody() sanitizes HTML comments in the body 1`] = ` +"--- + +- [ ] If you want to rebase/retry this PR, check this box +- [ ] <a href=\\"/some/link\\">Update renovate/renovate to 16.1.2</a> + +--- + +Empty comment. + +Followed by some information. +" +`; + exports[`platform/bitbucket-server endpoint with path getPrFiles() returns one file 1`] = ` Array [ Array [ diff --git a/test/platform/bitbucket-server/index.spec.ts b/test/platform/bitbucket-server/index.spec.ts index 7935bc6edf..dfd8d36a2b 100644 --- a/test/platform/bitbucket-server/index.spec.ts +++ b/test/platform/bitbucket-server/index.spec.ts 
@@ -684,6 +684,21 @@ describe('platform/bitbucket-server', () => {
 )
 ).toMatchSnapshot();
 });
+
+ it('sanitizes HTML comments in the body', () => {
+ const prBody = bitbucket.getPrBody(`---
+
+- [ ] <!-- renovate-rebase -->If you want to rebase/retry this PR, check this box
+- [ ] <!-- recreate-branch=renovate/docker-renovate-renovate-16.x --><a href="/some/link">Update renovate/renovate to 16.1.2</a>
+
+---
+<!---->
+Empty comment.
+<!-- This is another comment -->
+Followed by some information.
+<!-- followed by some more comments -->`);
+ expect(prBody).toMatchSnapshot();
+ });
 });
 describe('getCommitMessages()', () => {
-- 
GitLab
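Review bot: Every comment in the new test input opens and closes on one line, so the test does not pin what `getPrBody` does with a comment that spans lines or with markers left joined after a removal. Add one input of each kind and assert on the result directly, for example `expect(prBody).not.toContain('<!--');`, so the expectation is readable in the spec rather than only in the snapshot file. The enclosing `describe` block starts and ends outside the hunk.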