From d5cab7e5516c4f72fe5ee81306988b82e1f9a6fb Mon Sep 17 00:00:00 2001
From: curbengh <43627182+curbengh@users.noreply.github.com>
Date: Wed, 18 Dec 2019 04:26:58 +0000
Subject: [PATCH 1/2] fix(html_tag): encode urls in meta tag
---
lib/html_tag.js | 7 +++++--
test/html_tag.spec.js | 38 ++++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/lib/html_tag.js b/lib/html_tag.js
index 9811edf4..02c74953 100644
--- a/lib/html_tag.js
+++ b/lib/html_tag.js
@@ -3,6 +3,7 @@
const encodeURL = require('./encode_url');
const escapeHTML = require('./escape_html');
const regexUrl = /(cite|download|href|src|url)$/i;
+const regexMeta = /^(og:|twitter:)(audio|image|image|url|video)(:secure_url)?$/i;
function encSrcset(str) {
str.split(' ')
@@ -23,8 +24,10 @@ function htmlTag(tag, attrs, text, escape = true) {
for (const i in attrs) {
if (attrs[i] === null || typeof attrs[i] === 'undefined') result += '';
else {
- if (i.match(regexUrl)) result += ` ${escapeHTML(i)}="${encodeURL(attrs[i])}"`;
- else if (attrs[i] === true || i === attrs[i]) result += ` ${escapeHTML(i)}`;
+ if (i.match(regexUrl)
+ || (tag === 'meta' && !attrs[i].match(regexMeta) && Object.values(attrs)[0].match(regexMeta))) {
+ result += ` ${escapeHTML(i)}="${encodeURL(attrs[i])}"`;
+ } else if (attrs[i] === true || i === attrs[i]) result += ` ${escapeHTML(i)}`;
else if (i.match(/srcset$/i)) result += ` ${escapeHTML(i)}="${encSrcset(attrs[i])}"`;
else result += ` ${escapeHTML(i)}="${escapeHTML(String(attrs[i]))}"`;
}
diff --git a/test/html_tag.spec.js b/test/html_tag.spec.js
index c205758c..708ce5a5 100644
--- a/test/html_tag.spec.js
+++ b/test/html_tag.spec.js
@@ -4,6 +4,7 @@ require('chai').should();
describe('htmlTag', () => {
const htmlTag = require('../lib/html_tag');
+ const encodeURL = require('../lib/encode_url');
it('tag', () => {
htmlTag('hr').should.eql('
');
@@ -113,4 +114,41 @@ describe('htmlTag', () => {
async: true
}, '').should.eql('');
});
+
+ it('meta tag', () => {
+ htmlTag('meta', {
+ property: 'og:title',
+ content: 'foo & bar'
+ }).should.eql('');
+
+ htmlTag('meta', {
+ name: 'twitter:title',
+ content: 'foo " bar'
+ }).should.eql('');
+ });
+
+ it('meta tag - url', () => {
+ const content = 'https://foo.com/bár.jpg';
+ const encoded = encodeURL(content);
+
+ htmlTag('meta', {
+ property: 'og:url',
+ content
+ }).should.eql(``);
+
+ htmlTag('meta', {
+ property: 'og:image:secure_url',
+ content
+ }).should.eql(``);
+
+ htmlTag('meta', {
+ name: 'twitter:image',
+ content
+ }).should.eql(``);
+
+ htmlTag('meta', {
+ name: 'foo image',
+ content: 'bar " baz'
+ }).should.eql('');
+ });
});
From d4bf26538f4425030e271ace9731cb45bdb27978 Mon Sep 17 00:00:00 2001
From: curbengh <43627182+curbengh@users.noreply.github.com>
Date: Wed, 18 Dec 2019 16:52:14 +1030
Subject: [PATCH 2/2] fix(html_tag): remove duplicate regex
---
lib/html_tag.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/html_tag.js b/lib/html_tag.js
index 02c74953..5f168f94 100644
--- a/lib/html_tag.js
+++ b/lib/html_tag.js
@@ -3,7 +3,7 @@
const encodeURL = require('./encode_url');
const escapeHTML = require('./escape_html');
const regexUrl = /(cite|download|href|src|url)$/i;
-const regexMeta = /^(og:|twitter:)(audio|image|image|url|video)(:secure_url)?$/i;
+const regexMeta = /^(og:|twitter:)(audio|image|url|video)(:secure_url)?$/i;
function encSrcset(str) {
str.split(' ')