cameri / nostream / 24609919997

coverage: 30.829% (-32.0%) from 62.807%
24609919997

Pull #454

github

web-flow 
Merge c337d7af3 into 26bcdd51d
Pull Request #454: fix: OpenNode callback accepts unauthenticated requests

268 of 1385 branches covered (19.35%)

Branch coverage included in aggregate %.

29 of 41 new or added lines in 3 files covered. (70.73%)

976 existing lines in 41 files now uncovered.

1164 of 3260 relevant lines covered (35.71%)

5.89 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

60.0
/src/utils/html.ts
1 
const HTML_ESCAPES: Record<string, string> = {
1
2 
  '&': '&amp;',
3 
  '<': '&lt;',
4 
  '>': '&gt;',
5 
  '"': '&quot;',
6 
  "'": '&#39;',
7 
}
8 









9



/**










10



 * Escape a string for safe interpolation into HTML text or attribute values.










11



 */










12



export const escapeHtml = (value: string): string =>




1






UNCOV

13



  value.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch])




×







14












15



/**










16



 * Serialize a value for safe embedding inside an inline <script> block.










17



 *










18



 * JSON.stringify alone is NOT sufficient: it leaves `<` unescaped, so a value










19



 * containing `</script>` would terminate the script block and allow injection.










20



 * After serializing, replace every `<` with the Unicode escape `\u003C`, which










21



 * is valid JSON and prevents the browser from treating the character as markup.










22



 */










23



export const safeJsonForScript = (value: unknown): string =>




1






UNCOV

24



  JSON.stringify(value).replace(/</g, '\\u003C')




×





















    

  • 

    •