Fixes issue with using transformTags without textFilter (apostrophecm…

…s#395) * Fixes issue with using transformTags without textFilter * Updates changelog
alex-rantos · Aug 7, 2020 · b218a72 · b218a72
1 parent d236fff
commit b218a72
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,9 +1,8 @@
 ## Changelog
 
 2.0.0-beta.2:
-- Add `files` to `package.json` to prevent publishing unnecessary files to npm #392
-
-Thanks to [styfle](https://github.com/styfle) for contributions to this patch version update.
+- Add `files` to `package.json` to prevent publishing unnecessary files to npm #392. Thanks to [styfle](https://github.com/styfle) for the contribution.
+- Fixes a bug when using `transformTags` with out `textFilter`. Thanks to [Andrzej Porebski](https://github.com/andpor) for the help with a failing test.
 
 2.0.0-beta:
 - Moves the `index.js` file to the project root and removes all build steps within the package. Going forward, it is up to the developer to include sanitize-html in their project builds as-needed. This removes major points of conflict with project code and frees this module to not worry about myriad build-related questions.

diff --git a/index.js b/index.js
@@ -178,6 +178,7 @@ function sanitizeHtml(html, options, _recursing) {
   let transformMap;
   let skipText;
   let skipTextDepth;
+  let addedText = false;
 
   initializeState();
 
@@ -391,6 +392,7 @@ function sanitizeHtml(html, options, _recursing) {
         result += '>';
         if (frame.innerText && !hasText && !options.textFilter) {
           result += escapeHtml(frame.innerText);
+          addedText = true;
         }
       }
       if (skip) {
@@ -419,9 +421,9 @@ function sanitizeHtml(html, options, _recursing) {
         result += text;
       } else {
         const escaped = escapeHtml(text, false);
-        if (options.textFilter) {
+        if (options.textFilter && !addedText) {
           result += options.textFilter(escaped, tag);
-        } else {
+        } else if (!addedText) {
           result += escaped;
         }
       }

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "sanitize-html",
-  "version": "2.0.0-beta",
+  "version": "2.0.0-beta.2",
   "description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis",
   "sideEffects": false,
   "main": "index.js",
@@ -41,4 +41,4 @@
     "mocha": "^5.2.0",
     "sinon": "^9.0.2"
   }
-}
+}
diff --git a/test/test.js b/test/test.js
@@ -202,6 +202,20 @@ describe('sanitizeHtml', function() {
     }), '<a href="http://somelink">some_text_need"to&lt;be&gt;filtered</a>');
   });
 
+  it('should replace text and attributes when they are changed by transforming function and textFilter is set', function () {
+    assert.equal(sanitizeHtml('<a href="http://somelink">some text</a>', {
+      transformTags: {
+        a: function (tagName, attribs) {
+          return {
+            tagName: tagName,
+            attribs: attribs,
+            text: 'some good text'
+          };
+        }
+      }
+    }), '<a href="http://somelink">some good text</a>');
+  });
+
   it('should add new text when not initially set and replace attributes when they are changed by transforming function', function () {
     assert.equal(sanitizeHtml('<a href="http://somelink"></a>', {
       transformTags: {
@@ -745,8 +759,8 @@ describe('sanitizeHtml', function() {
     );
   });
   it('should sanitize styles correctly', function() {
-    const sanitizeString = '<p dir="ltr"><strong>beste</strong><em>testestes</em><s>testestset</s><u>testestest</u></p><ul dir="ltr"> <li><u>test</u></li></ul><blockquote dir="ltr"> <ol> <li><u>test</u></li><li><u>test</u></li><li style="text-align: right"><u>test</u></li><li style="text-align: justify"><u>test</u></li></ol> <p><u><span style="color:#00FF00">test</span></u></p><p><span style="color:#00FF00"><span style="font-size:36px">TESTETESTESTES</span></span></p></blockquote>';
-    const expected = '<p dir="ltr"><strong>beste</strong><em>testestes</em><s>testestset</s><u>testestest</u></p><ul dir="ltr"> <li><u>test</u></li></ul><blockquote dir="ltr"> <ol> <li><u>test</u></li><li><u>test</u></li><li style="text-align: right"><u>test</u></li><li style="text-align: justify"><u>test</u></li></ol> <p><u><span style="color:#00FF00">test</span></u></p><p><span style="color:#00FF00"><span style="font-size:36px">TESTETESTESTES</span></span></p></blockquote>';
+    const sanitizeString = '<p dir="ltr"><strong>beste</strong><em>testestes</em><s>testestset</s><u>testestest</u></p><ul dir="ltr"> <li><u>test</u></li></ul><blockquote dir="ltr"> <ol> <li><u>test</u></li><li><u>test</u></li><li style="text-align: right"><u>test</u></li><li style="text-align: justify"><u>test</u></li></ol> <p><u><span style="color:#00FF00">test</span></u></p><p><span style="color:#00FF00"><span style="font-size:36px">TESTETESTESTES</span></span></p></blockquote>';
+    const expected = '<p dir="ltr"><strong>beste</strong><em>testestes</em><s>testestset</s><u>testestest</u></p><ul dir="ltr"> <li><u>test</u></li></ul><blockquote dir="ltr"> <ol> <li><u>test</u></li><li><u>test</u></li><li style="text-align: right"><u>test</u></li><li style="text-align: justify"><u>test</u></li></ol> <p><u><span style="color:#00FF00">test</span></u></p><p><span style="color:#00FF00"><span style="font-size:36px">TESTETESTESTES</span></span></p></blockquote>';
     assert.equal(
       sanitizeHtml(sanitizeString, {
         allowedTags: false,