4534b693e4
refs https://github.com/TryGhost/Team/issues/1871 This commit adds a test to the serialize method of `post-emaiserializer`. It checks whether the generated email HTML is valid and standard HTML5 and that all properties are escaped. To do this validation, I depend on the new `html-validate` dev dependency. Just parsing the HTML with a HTML parser is not enough to guarantee that the HTML is okay. Apart from that this fixes: - Removed the sanitizeHTML method and replaced it with normal HTML escaping. We don't want to allow any HTML in the escaped fields. Whereas `sanitizeHTML` still allows valid HTML, but we don't want that and want the same behaviour as on the site. E.g., a post with a title `All your need to know about the <br /> tag` should actually render the same title and non-html content, being `All your need to know about the <br /> tag` - The file, nft and audio card didn't (always) escape the injected HTML fields (new version @tryghost/kg-default-cards) - `@tryghost/string` is bumped because it contains the new escapeHtml method
33 lines
780 B
JSON
33 lines
780 B
JSON
{
|
|
"name": "@tryghost/members-offers",
|
|
"version": "0.0.0",
|
|
"private": true,
|
|
"author": "Ghost Foundation",
|
|
"license": "MIT",
|
|
"main": "index.js",
|
|
"scripts": {
|
|
"dev": "echo \"Implement me!\"",
|
|
"test:unit": "NODE_ENV=testing c8 --all --reporter text --reporter cobertura mocha './test/**/*.test.js'",
|
|
"test": "yarn test:unit",
|
|
"lint": "eslint . --ext .js --cache"
|
|
},
|
|
"files": [
|
|
"index.js",
|
|
"lib"
|
|
],
|
|
"devDependencies": {
|
|
"bson-objectid": "2.0.3",
|
|
"c8": "7.12.0",
|
|
"mocha": "10.0.0",
|
|
"should": "13.2.3",
|
|
"sinon": "14.0.0"
|
|
},
|
|
"dependencies": {
|
|
"@tryghost/domain-events": "0.0.0",
|
|
"@tryghost/errors": "1.2.15",
|
|
"@tryghost/mongo-utils": "0.3.5",
|
|
"@tryghost/string": "0.2.0",
|
|
"lodash": "4.17.21"
|
|
}
|
|
}
|