vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

test(ui): reject base64 SVG data URLs

Browse Source
This commit is contained in:
Shakker
2026-02-24 22:00:56 +00:00
committed by Shakker
parent e7298b844f
commit 30cb849b10
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ui/src/ui/open-external-url.test.ts
View File

@@ -55,6 +55,18 @@ describe("resolveSafeExternalUrl", () => {
).toBeNull();
});
it("rejects base64-encoded SVG data image URLs", () => {
expect(
resolveSafeExternalUrl(
"data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnIC8+",
baseHref,
{
allowDataImage: true,
},
),
).toBeNull();
});
it("rejects data image URLs unless explicitly enabled", () => {
expect(resolveSafeExternalUrl("data:image/png;base64,iVBORw0KGgo=", baseHref)).toBeNull();
});