Merge pull request 'fix: Don't double escape delete branch text' (#5615) from gusted/forgejo-avoid-double-escape into forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5615
Reviewed-by: Otto <otto@codeberg.org>
This commit is contained in:
Gusted 2024-10-19 21:21:33 +00:00
commit b43d9d5ae6
2 changed files with 35 additions and 1 deletions

View File

@ -214,7 +214,7 @@
const mergeForm = {
'baseLink': {{.Link}},
'textCancel': {{ctx.Locale.Tr "cancel"}},
'textDeleteBranch': {{ctx.Locale.Tr "repo.branch.delete" .HeadTarget}},
'textDeleteBranch': {{ctx.Locale.TrString "repo.branch.delete" .HeadTarget}},
'textAutoMergeButtonWhenSucceed': {{ctx.Locale.Tr "repo.pulls.auto_merge_button_when_succeed"}},
'textAutoMergeWhenSucceed': {{ctx.Locale.Tr "repo.pulls.auto_merge_when_succeed"}},
'textAutoMergeCancelSchedule': {{ctx.Locale.Tr "repo.pulls.auto_merge_cancel_schedule"}},

View File

@ -0,0 +1,34 @@
// Copyright 2024 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: MIT
import {flushPromises, mount} from '@vue/test-utils';
import PullRequestMergeForm from './PullRequestMergeForm.vue';
async function renderMergeForm(branchName) {
window.config.pageData.pullRequestMergeForm = {
textDeleteBranch: `Delete branch "${branchName}"`,
textDoMerge: 'Merge',
defaultMergeStyle: 'merge',
isPullBranchDeletable: true,
canMergeNow: true,
mergeStyles: [{
'name': 'merge',
'allowed': true,
'textDoMerge': 'Merge',
'mergeTitleFieldText': 'Merge PR',
'mergeMessageFieldText': 'Description',
'hideAutoMerge': 'Hide this message',
}],
};
const mergeform = mount(PullRequestMergeForm);
mergeform.get('.merge-button').trigger('click');
await flushPromises();
return mergeform;
}
test('renders escaped branch name', async () => {
let mergeform = await renderMergeForm('<b>evil</b>');
expect(mergeform.get('label[for="delete-branch-after-merge"]').text()).toBe('Delete branch "<b>evil</b>"');
mergeform = await renderMergeForm('<script class="evil">alert("evil message");</script>');
expect(mergeform.get('label[for="delete-branch-after-merge"]').text()).toBe('Delete branch "<script class="evil">alert("evil message");</script>"');
});