mirror of
https://github.com/ankitects/anki.git
synced 2026-06-10 14:19:28 -04:00
d76bd4033b
## Linked issue Closes #4929 ## Summary / motivation `ts/html-filter/element.ts` is responsible for sanitizing HTML on paste in the note editor, so it's security-sensitive code. About 8% of it wasn't covered by tests, including the branches that strip attributes and tags. This PR adds tests to get it to full coverage (statements, branches, functions, and lines) so we don't accidentally break the filtering later. There are no changes to the actual code, just tests. ## Steps to reproduce N/A - tests only. ## How to test ### Checklist (minimum) - [x] I ran `./ninja check` or an equivalent relevant check locally. - [x] I added or updated tests when the change is non-trivial or behaviour changed. ### Details Ran `just check` (the full lint and test build) and everything passed. For coverage specifically, I scoped vitest to the target file: `npx vitest run html-filter/index.test.ts --coverage --coverage.include='html-filter/element.ts'` That reports element.ts at 100% for statements, branches, functions, and lines. New tests cover: - event handler attributes (`onclick`/`onerror`) stripped from allowed elements - `<script>` removal, including empty and nested cases - unknown/disallowed tags dropped (empty) or unwrapped (with content) - `<span>` styling honouring night mode (the previously uncovered branch) ## Before / after behavior N/A - no behaviour change, tests document existing behaviour. ## UI evidence N/A ## Scope - [x] This PR is focused on one change (no unrelated edits). **Note for reviewers:** the originating issue listed "verify `<p>` → `<div>` conversion" as a criterion, but `element.ts` treats `<p>` as an allowed tag (`P: allowNone`) and preserves it, so there is no `p`→`div` conversion in this component. The tests document the actual behaviour (`<p>` kept, attributes stripped). Happy to adjust if a conversion was intended elsewhere. --------- Co-authored-by: Fernando Lins <1887601+fernandolins@users.noreply.github.com>
Anki's TypeScript and Sass dependencies. Some TS/JS code is also stored separately in ../qt/aqt/data/web/.
To update all dependencies:
./update.sh
To add a new dev dependency, use something like:
./add.sh -D @rollup/plugin-alias