diff --git a/umap/static/umap/js/modules/utils.js b/umap/static/umap/js/modules/utils.js
index 2f0cb57a..1da8fd9f 100644
--- a/umap/static/umap/js/modules/utils.js
+++ b/umap/static/umap/js/modules/utils.js
@@ -84,11 +84,21 @@ export function escapeHTML(s) {
'div',
'iframe',
'img',
+ 'audio',
+ 'video',
+ 'source',
'br',
'span',
],
- ADD_ATTR: ['target', 'allow', 'allowfullscreen', 'frameborder', 'scrolling'],
- ALLOWED_ATTR: ['href', 'src', 'width', 'height', 'style', 'dir', 'title'],
+ ADD_ATTR: [
+ 'target',
+ 'allow',
+ 'allowfullscreen',
+ 'frameborder',
+ 'scrolling',
+ 'controls',
+ ],
+ ALLOWED_ATTR: ['href', 'src', 'width', 'height', 'style', 'dir', 'title', 'type'],
// Added: `geo:` URL scheme as defined in RFC5870:
// https://www.rfc-editor.org/rfc/rfc5870.html
// The base RegExp comes from:
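Review bot: The two attribute lists look global rather than per-tag (assuming this is a DOMPurify config, as the option names suggest), so the added `type` and `controls` become acceptable on every tag in the allow-list, not only on `audio`/`video`/`source`. `src` on the new media tags also makes a viewer's browser fetch an author-chosen URL when the content renders, as it already does for `img` and `iframe`. Neither is a defect on its own, but the allow-list has no comment recording the intent; I would add above the new tags something like `// audio/video/source: user-embedded media; only 'controls' and 'type' are added, autoplay/poster/on* stay stripped`, so a later edit does not widen it unnoticed. The URL pattern that follows this hunk presumably also governs `src` on these tags, but the enclosing function starts and ends outside the hunk, so that cannot be confirmed here.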
diff --git a/umap/static/umap/unittests/utils.js b/umap/static/umap/unittests/utils.js
index c405b4d4..4943d1b4 100644
--- a/umap/static/umap/unittests/utils.js
+++ b/umap/static/umap/unittests/utils.js
@@ -192,6 +192,24 @@ describe('Utils', function () {
)
})
+ it('should not escape video tag with dedicated attributes', function () {
+ assert.equal(
+ Utils.escapeHTML(
+ ''
+ ),
+ ''
+ )
+ })
+
+ it('should not escape audio tag with dedicated attributes', function () {
+ assert.equal(
+ Utils.escapeHTML(
+ ''
+ ),
+ ''
+ )
+ })
+
it('should not fail with int value', function () {
assert.equal(Utils.escapeHTML(25), '25')
})
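Review bot: Both new tests cover only the accepting path, so nothing pins that attributes outside the allow-list are removed from the new media tags; a regression that let `autoplay` or an `on*` handler through on `video`/`audio`/`source` would still pass. As rendered here the input and expected literals of the two tests are empty, so what they assert cannot be read. I would add a negative case next to them, along the lines below, assuming the sanitizer drops unlisted attributes and returns a string.

```javascript
it('should strip unlisted attributes from video tag', function () {
  const out = String(
    Utils.escapeHTML(
      '<video src="https://example.org/v.mp4" controls autoplay onerror="x()"></video>'
    )
  )
  assert.ok(!out.includes('onerror'))
  assert.ok(!out.includes('autoplay'))
})
```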
@@ -461,13 +479,12 @@ describe('Utils', function () {
})
describe('#normalize()', function () {
- it('should remove accents',
- function () {
- // French é
- assert.equal(Utils.normalize('aéroport'), 'aeroport')
- // American é
- assert.equal(Utils.normalize('aéroport'), 'aeroport')
- })
+ it('should remove accents', function () {
+ // French é
+ assert.equal(Utils.normalize('aéroport'), 'aeroport')
+ // American é
+ assert.equal(Utils.normalize('aéroport'), 'aeroport')
+ })
})
describe('#sortFeatures()', function () {
@@ -530,17 +547,17 @@ describe('Utils', function () {
})
})
- describe("#copyJSON", function () {
+ describe('#copyJSON', function () {
it('should actually copy the JSON', function () {
- let originalJSON = { "some": "json" }
+ let originalJSON = { some: 'json' }
let returned = Utils.CopyJSON(originalJSON)
// Change the original JSON
- originalJSON["anotherKey"] = "value"
+ originalJSON['anotherKey'] = 'value'
// ensure the two aren't the same object
assert.notEqual(returned, originalJSON)
- assert.deepEqual(returned, { "some": "json" })
+ assert.deepEqual(returned, { some: 'json' })
})
})
@@ -599,19 +616,34 @@ describe('Utils', function () {
})
describe('parseNaiveDate', () => {
it('should parse a date', () => {
- assert.equal(Utils.parseNaiveDate("2024/03/04").toISOString(), "2024-03-04T00:00:00.000Z")
+ assert.equal(
+ Utils.parseNaiveDate('2024/03/04').toISOString(),
+ '2024-03-04T00:00:00.000Z'
+ )
})
it('should parse a datetime', () => {
- assert.equal(Utils.parseNaiveDate("2024/03/04 12:13:14").toISOString(), "2024-03-04T00:00:00.000Z")
+ assert.equal(
+ Utils.parseNaiveDate('2024/03/04 12:13:14').toISOString(),
+ '2024-03-04T00:00:00.000Z'
+ )
})
it('should parse an iso datetime', () => {
- assert.equal(Utils.parseNaiveDate("2024-03-04T00:00:00.000Z").toISOString(), "2024-03-04T00:00:00.000Z")
+ assert.equal(
+ Utils.parseNaiveDate('2024-03-04T00:00:00.000Z').toISOString(),
+ '2024-03-04T00:00:00.000Z'
+ )
})
it('should parse a GMT time', () => {
- assert.equal(Utils.parseNaiveDate("04 Mar 2024 00:12:00 GMT").toISOString(), "2024-03-04T00:00:00.000Z")
+ assert.equal(
+ Utils.parseNaiveDate('04 Mar 2024 00:12:00 GMT').toISOString(),
+ '2024-03-04T00:00:00.000Z'
+ )
})
it('should parse a GMT time with explicit timezone', () => {
- assert.equal(Utils.parseNaiveDate("Thu, 04 Mar 2024 00:00:00 GMT+0300").toISOString(), "2024-03-03T00:00:00.000Z")
+ assert.equal(
+ Utils.parseNaiveDate('Thu, 04 Mar 2024 00:00:00 GMT+0300').toISOString(),
+ '2024-03-03T00:00:00.000Z'
+ )
})
})
})