Skip to content
Snippets Groups Projects
Commit c062d058 authored by Karishma Chadha's avatar Karishma Chadha
Browse files

Escape special characters in user defined strings that can appear in the toolbox xml.

parent 52a6136c
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/lib/make-toolbox-xml.js
+ 16
0
View file @ c062d058
...@@ -138,6 +138,18 @@ const motion = function (isStage, targetId) { ...@@ -138,6 +138,18 @@ const motion = function (isStage, targetId) {
`; `;
}; };
const xmlEscape = function (unsafe) {
return unsafe.replace(/[<>&'"]/g, c => {
switch (c) {
case '<': return '&lt;';
case '>': return '&gt;';
case '&': return '&amp;';
case '\'': return '&apos;';
case '"': return '&quot;';
}
});
};
const looks = function (isStage, targetId, costumeName, backdropName) { const looks = function (isStage, targetId, costumeName, backdropName) {
const hello = ScratchBlocks.ScratchMsgs.translate('LOOKS_HELLO', 'Hello!'); const hello = ScratchBlocks.ScratchMsgs.translate('LOOKS_HELLO', 'Hello!');
const hmm = ScratchBlocks.ScratchMsgs.translate('LOOKS_HMM', 'Hmm...'); const hmm = ScratchBlocks.ScratchMsgs.translate('LOOKS_HMM', 'Hmm...');
...@@ -714,6 +726,10 @@ const makeToolboxXML = function (isStage, targetId, categoriesXML, ...@@ -714,6 +726,10 @@ const makeToolboxXML = function (isStage, targetId, categoriesXML,
costumeName = '', backdropName = '', soundName = '') { costumeName = '', backdropName = '', soundName = '') {
const gap = [categorySeparator]; const gap = [categorySeparator];
costumeName = xmlEscape(costumeName);
backdropName = xmlEscape(backdropName);
soundName = xmlEscape(soundName);
const everything = [ const everything = [
xmlOpen, xmlOpen,
motion(isStage, targetId), gap, motion(isStage, targetId), gap,
......
test/integration/blocks.test.js
+ 18
0
View file @ c062d058
...@@ -191,6 +191,24 @@ describe('Working with the blocks', () => { ...@@ -191,6 +191,24 @@ describe('Working with the blocks', () => {
await clickText('newname', scope.blocksTab); await clickText('newname', scope.blocksTab);
}); });
test('Renaming costume with a special character should not break toolbox', async () => {
await loadUri(uri);
await clickXpath('//button[@title="Try It"]');
// Rename the costume
await clickText('Costumes');
const el = await findByXpath("//input[@value='costume1']");
await el.sendKeys('<NewCostume>');
// Make sure it is updated in the block menu
await clickText('Code');
await clickText('Looks', scope.blocksTab);
await driver.sleep(500); // Wait for scroll to finish
await clickText('<NewCostume>', scope.blocksTab);
await clickText('Sound', scope.blocksTab);
});
// NOTE: This test describes the current behavior so that changes are not // NOTE: This test describes the current behavior so that changes are not
// introduced inadvertly, but I know this is not the desired behavior // introduced inadvertly, but I know this is not the desired behavior
test('Adding costumes DOES NOT update the default costume name in the toolbox', async () => { test('Adding costumes DOES NOT update the default costume name in the toolbox', async () => {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment