Skip to content
Snippets Groups Projects
Unverified Commit aa7d5255 authored by Karishma Chadha's avatar Karishma Chadha Committed by GitHub
Browse files

Merge pull request #4486 from kchadha/xml-escape 

Escape special characters in toolbox xml
parents 1f2f41b5 c062d058
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/lib/make-toolbox-xml.js
+ 16
0
View file @ aa7d5255
...@@ -138,6 +138,18 @@ const motion = function (isStage, targetId) { ...@@ -138,6 +138,18 @@ const motion = function (isStage, targetId) {
`; `;
}; };
const xmlEscape = function (unsafe) {
return unsafe.replace(/[<>&'"]/g, c => {
switch (c) {
case '<': return '&lt;';
case '>': return '&gt;';
case '&': return '&amp;';
case '\'': return '&apos;';
case '"': return '&quot;';
}
});
};
const looks = function (isStage, targetId, costumeName, backdropName) { const looks = function (isStage, targetId, costumeName, backdropName) {
const hello = ScratchBlocks.ScratchMsgs.translate('LOOKS_HELLO', 'Hello!'); const hello = ScratchBlocks.ScratchMsgs.translate('LOOKS_HELLO', 'Hello!');
const hmm = ScratchBlocks.ScratchMsgs.translate('LOOKS_HMM', 'Hmm...'); const hmm = ScratchBlocks.ScratchMsgs.translate('LOOKS_HMM', 'Hmm...');
...@@ -714,6 +726,10 @@ const makeToolboxXML = function (isStage, targetId, categoriesXML, ...@@ -714,6 +726,10 @@ const makeToolboxXML = function (isStage, targetId, categoriesXML,
costumeName = '', backdropName = '', soundName = '') { costumeName = '', backdropName = '', soundName = '') {
const gap = [categorySeparator]; const gap = [categorySeparator];
costumeName = xmlEscape(costumeName);
backdropName = xmlEscape(backdropName);
soundName = xmlEscape(soundName);
const everything = [ const everything = [
xmlOpen, xmlOpen,
motion(isStage, targetId), gap, motion(isStage, targetId), gap,
......
test/integration/blocks.test.js
+ 18
0
View file @ aa7d5255
...@@ -191,6 +191,24 @@ describe('Working with the blocks', () => { ...@@ -191,6 +191,24 @@ describe('Working with the blocks', () => {
await clickText('newname', scope.blocksTab); await clickText('newname', scope.blocksTab);
}); });
test('Renaming costume with a special character should not break toolbox', async () => {
await loadUri(uri);
await clickXpath('//button[@title="Try It"]');
// Rename the costume
await clickText('Costumes');
const el = await findByXpath("//input[@value='costume1']");
await el.sendKeys('<NewCostume>');
// Make sure it is updated in the block menu
await clickText('Code');
await clickText('Looks', scope.blocksTab);
await driver.sleep(500); // Wait for scroll to finish
await clickText('<NewCostume>', scope.blocksTab);
await clickText('Sound', scope.blocksTab);
});
// NOTE: This test describes the current behavior so that changes are not // NOTE: This test describes the current behavior so that changes are not
// introduced inadvertly, but I know this is not the desired behavior // introduced inadvertly, but I know this is not the desired behavior
test('Adding costumes DOES NOT update the default costume name in the toolbox', async () => { test('Adding costumes DOES NOT update the default costume name in the toolbox', async () => {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment