Files
sproutclaw/packages/coding-agent/test/export-html-xss.test.ts
Samuel Painter ee462dd70d fix(coding-agent): sanitize markdown links in exported session HTML (#3532)
marked v15 does not filter dangerous URL protocols. The default link
renderer passes href values through verbatim, so markdown like
`[click](javascript:alert(1))` renders as a clickable XSS link in
shared/exported session HTML.

Add custom link and image renderers that:
- Block javascript:, vbscript:, and data: protocol URLs
- Escape href/title/alt attributes via escapeHtml()

Also escape img.mimeType in session image rendering to prevent
attribute breakout from crafted session JSONL.

Fixes #3531
2026-04-22 10:53:03 +02:00

29 lines
1.1 KiB
TypeScript

import { readFileSync } from "fs";
import { describe, expect, it } from "vitest";
describe("export HTML markdown link sanitization", () => {
const templateJs = readFileSync(new URL("../src/core/export-html/template.js", import.meta.url), "utf-8");
it("overrides the marked link renderer to block javascript: protocol", () => {
// The custom link renderer must check for dangerous protocols
expect(templateJs).toMatch(/link\s*\(\s*token\s*\)/);
expect(templateJs).toMatch(/javascript/i);
expect(templateJs).toMatch(/vbscript/i);
});
it("overrides the marked image renderer to block javascript: protocol", () => {
expect(templateJs).toMatch(/image\s*\(\s*token\s*\)/);
});
it("escapes href attributes in the custom link renderer", () => {
// The link renderer must escape href values to prevent attribute breakout
expect(templateJs).toMatch(/escapeHtml\(href\)/);
});
it("escapes image mimeType attributes", () => {
// Image mimeType must be escaped to prevent attribute breakout
expect(templateJs).not.toMatch(/\$\{img\.mimeType\}/);
expect(templateJs).toMatch(/escapeHtml\(img\.mimeType/);
});
});