feat: 灵犀 Studio Web UI 定制版

Co-authored-by: Cursor <cursoragent@cursor.com>
yi
2026-06-05 11:29:11 +08:00
commit 7d10320a82
643 changed files with 164406 additions and 0 deletions
+39
@@ -0,0 +1,39 @@
import { describe, expect, it } from 'vitest'
import { renderHighlightedCodeBlock } from '@/components/hermes/chat/highlight'
describe('highlight safety', () => {
it('escapes large unknown code content', () => {
const html = renderHighlightedCodeBlock('<img src=x onerror=alert(1)>'.repeat(100), 'unknown', 'Copy')
expect(html).toContain('&lt;img')
expect(html).not.toContain('<img')
})
it('does not emit executable HTML for known-language code', () => {
const html = renderHighlightedCodeBlock('<script>alert(1)</script>', 'xml', 'Copy')
expect(html).not.toContain('<script>')
expect(html).toContain('&lt;')
})
it('escapes the language label', () => {
const html = renderHighlightedCodeBlock('x'.repeat(5000), '<script>alert(1)</script>', 'Copy')
expect(html).toContain('&lt;script&gt;alert(1)&lt;/script&gt;')
expect(html).not.toContain('<script>')
})
it('sanitizes the language class', () => {
const html = renderHighlightedCodeBlock('x'.repeat(5000), 'foo bar"><img', 'Copy')
expect(html).toContain('language-foo-bar---img')
})
it('escapes the copy label', () => {
const html = renderHighlightedCodeBlock('x', 'json', 'Copy <now>')
expect(html).toContain('Copy &lt;now&gt;')
expect(html).not.toContain('Copy <now>')
})
})
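Review bot: The 'sanitizes the language class' case asserts only that `language-foo-bar---img` is present, so it still passes if the raw `foo bar"><img` value is also emitted unescaped elsewhere in the markup. It is the only case whose payload carries a double quote, the character that matters for attribute breakout, and the language value is evidently rendered a second time as a label (that is what the 'escapes the language label' case checks). Add negative assertions beside the positive one: `expect(html).not.toContain('<img')` and `expect(html).not.toContain('"><')`. The known-language case relies on an exact-match `not.toContain('<script>')`; `expect(html).not.toMatch(/<script/i)` would also catch a tag emitted with attributes or in a different case. Whether the copy label is ever written into an attribute is not visible from this file; if it is, that case needs a payload containing a quote as well.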