|
@@ -709,7 +709,7 @@
|
|
|
expect(view.sendMessage).toHaveBeenCalled();
|
|
|
var msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-msg-content');
|
|
|
expect(msg.text()).toEqual(message);
|
|
|
- expect(msg.html()).toEqual('This message contains a hyperlink: <a target="_blank" href="http://www.opkode.com">www.opkode.com</a>');
|
|
|
+ expect(msg.html()).toEqual('This message contains a hyperlink: <a target="_blank" rel="noopener" href="http://www.opkode.com">www.opkode.com</a>');
|
|
|
}.bind(converse));
|
|
|
|
|
|
it("should display emoticons correctly", function () {
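Review bot: The changed `expect(msg.html())` line compares the entire serialized anchor, so the `rel` check this commit introduces is tied to attribute order and to every other attribute in the link template. A direct assertion next to it, such as `expect(msg.find('a').attr('rel')).toContain('noopener');`, would state the property being protected (the opened page gets no `window.opener` handle) and survive unrelated markup changes. The same applies to the four updated expectations in the following hunk (`@@ -747,28 +747,28 @@`). The enclosing `it` block begins outside this hunk.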
|
|
@@ -747,28 +747,28 @@
|
|
|
expect(view.sendMessage).toHaveBeenCalled();
|
|
|
var msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-msg-content');
|
|
|
expect(msg.text()).toEqual(message);
|
|
|
- expect(msg.html()).toEqual('<a target="_blank" href="http://www.opkode.com/%27onmouseover=%27alert%281%29%27whatever">http://www.opkode.com/\'onmouseover=\'alert(1)\'whatever</a>');
|
|
|
+ expect(msg.html()).toEqual('<a target="_blank" rel="noopener" href="http://www.opkode.com/%27onmouseover=%27alert%281%29%27whatever">http://www.opkode.com/\'onmouseover=\'alert(1)\'whatever</a>');
|
|
|
|
|
|
message = 'http://www.opkode.com/"onmouseover="alert(1)"whatever';
|
|
|
test_utils.sendMessage(view, message);
|
|
|
expect(view.sendMessage).toHaveBeenCalled();
|
|
|
msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-msg-content');
|
|
|
expect(msg.text()).toEqual(message);
|
|
|
- expect(msg.html()).toEqual('<a target="_blank" href="http://www.opkode.com/%22onmouseover=%22alert%281%29%22whatever">http://www.opkode.com/"onmouseover="alert(1)"whatever</a>');
|
|
|
+ expect(msg.html()).toEqual('<a target="_blank" rel="noopener" href="http://www.opkode.com/%22onmouseover=%22alert%281%29%22whatever">http://www.opkode.com/"onmouseover="alert(1)"whatever</a>');
|
|
|
|
|
|
message = "https://en.wikipedia.org/wiki/Ender's_Game";
|
|
|
test_utils.sendMessage(view, message);
|
|
|
expect(view.sendMessage).toHaveBeenCalled();
|
|
|
msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-msg-content');
|
|
|
expect(msg.text()).toEqual(message);
|
|
|
- expect(msg.html()).toEqual('<a target="_blank" href="https://en.wikipedia.org/wiki/Ender%27s_Game">https://en.wikipedia.org/wiki/Ender\'s_Game</a>');
|
|
|
+ expect(msg.html()).toEqual('<a target="_blank" rel="noopener" href="https://en.wikipedia.org/wiki/Ender%27s_Game">https://en.wikipedia.org/wiki/Ender\'s_Game</a>');
|
|
|
|
|
|
message = "https://en.wikipedia.org/wiki/Ender%27s_Game";
|
|
|
test_utils.sendMessage(view, message);
|
|
|
expect(view.sendMessage).toHaveBeenCalled();
|
|
|
msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-msg-content');
|
|
|
expect(msg.text()).toEqual(message);
|
|
|
- expect(msg.html()).toEqual('<a target="_blank" href="https://en.wikipedia.org/wiki/Ender%27s_Game">https://en.wikipedia.org/wiki/Ender%27s_Game</a>');
|
|
|
+ expect(msg.html()).toEqual('<a target="_blank" rel="noopener" href="https://en.wikipedia.org/wiki/Ender%27s_Game">https://en.wikipedia.org/wiki/Ender%27s_Game</a>');
|
|
|
}.bind(converse));
|
|
|
|
|
|
}.bind(converse));
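Review bot: The four updated expectations in this hunk pin `rel="noopener"` alone on links built from user-supplied URLs, which leaves two gaps: the Referer header is still sent to the linked site, and browsers that predate `noopener` ignore the value. If the link template (not visible in this hunk) can emit `rel="noopener noreferrer"`, the expected strings here would start with `<a target="_blank" rel="noopener noreferrer" href=`. Whether referrer suppression is wanted for chat links is a product decision, but it is worth settling while these strings are being touched. The enclosing `it` block begins outside this hunk.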
|