diff --git a/apps/server/src/share/content_renderer.spec.ts b/apps/server/src/share/content_renderer.spec.ts index 1c8df6ce8..57c4e3bc2 100644 --- a/apps/server/src/share/content_renderer.spec.ts +++ b/apps/server/src/share/content_renderer.spec.ts @@ -35,30 +35,6 @@ describe("content_renderer", () => { expect(result.content).toStrictEqual(content); }); - it("handles attachment link", () => { - const content = trimIndentation`\ -

Test

-

- - 5863845791835102555.mp4 - -   -

- `; - const note = buildShareNote({ - content, - attachments: [ { id: "q14s2Id7V6pp", title: "5863845791835102555.mp4" } ] - }); - const result = getContent(note); - expect(result.content).toStrictEqual(trimIndentation`\ -

Test

-

- 5863845791835102555.mp4 -   -

- `); - }); - it("renders included notes", () => { buildShareNotes([ { id: "subnote1", content: `

Foo

Bar
` }, @@ -110,6 +86,98 @@ describe("content_renderer", () => { `) }); + + describe("Reference links", () => { + it("handles attachment link", () => { + const content = trimIndentation`\ +

Test

+

+ + 5863845791835102555.mp4 + +   +

+ `; + const note = buildShareNote({ + content, + attachments: [ { id: "q14s2Id7V6pp", title: "5863845791835102555.mp4" } ] + }); + const result = getContent(note); + expect(result.content).toStrictEqual(trimIndentation`\ +

Test

+

+ 5863845791835102555.mp4 +   +

+ `); + }); + + it("handles protected notes", () => { + buildShareNote({ + id: "MSkxxCFbBsYP", + title: "Foo", + isProtected: true + }); + const note = buildShareNote({ + id: "note", + content: trimIndentation`\ +

+ + Foo + +

+ ` + }); + const result = getContent(note); + expect(result.content).toStrictEqual(trimIndentation`\ +

+ [protected] +

+ `); + }); + + it("handles missing notes", () => { + const note = buildShareNote({ + id: "note", + content: trimIndentation`\ +

+ + Foo + +

+ ` + }); + const result = getContent(note); + expect(result.content).toStrictEqual(trimIndentation`\ +

+ [missing note] +

+ `); + }); + + it("properly escapes note title", () => { + buildShareNote({ + id: "MSkxxCFbBsYP", + title: "The quick brown fox" + }); + const note = buildShareNote({ + id: "note", + content: trimIndentation`\ +

+ + Hi + +

+ ` + }); + const result = getContent(note); + expect(result.content).toStrictEqual(trimIndentation`\ +

+ The quick <strong>brown</strong> fox +

+ `); + }); + }); }); describe("renderCode", () => { diff --git a/apps/server/src/share/content_renderer.ts b/apps/server/src/share/content_renderer.ts index 254829114..ec3893ee5 100644 --- a/apps/server/src/share/content_renderer.ts +++ b/apps/server/src/share/content_renderer.ts @@ -394,14 +394,17 @@ function handleAttachmentLink(linkEl: HTMLElement, href: string, getNote: (id: s */ function cleanUpReferenceLinks(linkEl: HTMLElement) { // Note: this method is basically a reimplementation of getReferenceLinkTitleSync from the link service of the client. - const noteId = linkEl.getAttribute("href")?.split("/").at(-1); + const href = linkEl.getAttribute("href") ?? ""; + if (linkEl.classList.contains("attachment-link")) return; + + const noteId = href.split("/").at(-1); const note = noteId ? shaca.getNote(noteId) : undefined; if (!note) { linkEl.innerHTML = "[missing note]"; } else if (note.isProtected) { linkEl.innerHTML = "[protected]"; } else { - linkEl.innerHTML = `${note.title}`; + linkEl.innerHTML = `${utils.escapeHtml(note.title)}`; } }