diff --git a/web/src/pages/dataflow-result/components/rerun-button/__tests__/index.test.tsx b/web/src/pages/dataflow-result/components/rerun-button/__tests__/index.test.tsx new file mode 100644 index 0000000000..997923148c --- /dev/null +++ b/web/src/pages/dataflow-result/components/rerun-button/__tests__/index.test.tsx @@ -0,0 +1,13 @@ +import DOMPurify from 'dompurify'; + +describe('rerun modal content sanitization', () => { + it('strips unsafe html from interpolated pipeline step names', () => { + const step = ''; + const html = `You are about to rerun the process starting from the ${step} step.`; + const sanitized = DOMPurify.sanitize(html); + + expect(sanitized).not.toMatch(/onerror/i); + expect(sanitized).not.toContain(' { - const { className, step, onRerun, loading } = props; + const { step, onRerun, loading } = props; const { t } = useTranslation(); const clickFunc = () => { console.log('click rerun button'); @@ -22,9 +23,11 @@ const RerunButton = (props: RerunButtonProps) => { children: (
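Review bot: The new test in `rerun-button/__tests__/index.test.tsx` never imports or renders `RerunButton`; it builds its own string and calls `DOMPurify.sanitize(html)` directly, so it checks the library's defaults rather than the component. It would still pass if the modal content went back to rendering `step` without sanitization. A stronger test would render the component with a hostile `step` value, open the confirmation, and assert on the resulting DOM, for example that no element carries an `onerror` attribute and that no `script` element is present. If the test stays as written, a comment such as `// NOTE: exercises DOMPurify defaults only; RerunButton's rendering path is not covered here` would stop readers over-trusting it. Part of this hunk and the component-side change under `@@ -22,9 +23,11 @@` are not legible on this page, so the component's own sanitize call could not be checked.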
),