helpy4/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich synced 2025-10-17 18:19:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: cross site scripting issue on /share pages (#16255)

Browse source
This commit is contained in:
Jason Rasmussen 2025-02-22 06:32:53 -05:00 committed by GitHub
parent caea3a0812
commit e4b6efc1f5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 58 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

6
e2e/src/api/specs/shared-link.e2e-spec.ts
View file

@ -95,7 +95,7 @@ describe('/shared-links', () => {
expect(resp.status).toBe(200);
expect(resp.header['content-type']).toContain('text/html');
expect(resp.text).toContain(
`<meta name="description" content="${metadataAlbum.assets.length} shared photos & videos" />`,
`<meta name="description" content="${metadataAlbum.assets.length} shared photos &amp; videos" />`,
);
});
@ -103,14 +103,14 @@ describe('/shared-links', () => {
const resp = await request(shareUrl).get(`/${linkWithAlbum.key}`);
expect(resp.status).toBe(200);
expect(resp.header['content-type']).toContain('text/html');
expect(resp.text).toContain(`<meta name="description" content="0 shared photos & videos" />`);
expect(resp.text).toContain(`<meta name="description" content="0 shared photos &amp; videos" />`);
});
it('should have correct asset count in meta tag for shared asset', async () => {
const resp = await request(shareUrl).get(`/${linkWithAssets.key}`);
expect(resp.status).toBe(200);
expect(resp.header['content-type']).toContain('text/html');
expect(resp.text).toContain(`<meta name="description" content="1 shared photos & videos" />`);
expect(resp.text).toContain(`<meta name="description" content="1 shared photos &amp; videos" />`);
});
it('should have fqdn og:image meta tag for shared asset', async () => {