Fixes minor security vulnerability (#30948) (#30951)

Merged via squash. Prepared head SHA: cfbe5fe830 Co-authored-by: benediktjohannes <253604130+benediktjohannes@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd
2026-05-03 01:00:20 +00:00 · 2026-03-02 01:38:01 +01:00
parent dc816b84ea
commit b81e1b902d
3 changed files with 23 additions and 1 deletions
--- a/src/security/external-content.test.ts
+++ b/src/security/external-content.test.ts
@@ -187,6 +187,13 @@ describe("external-content security", () => {
        ["\u2039", "\u203A"], // single angle quotation marks
        ["\u27E8", "\u27E9"], // mathematical angle brackets
        ["\uFE64", "\uFE65"], // small less-than/greater-than signs
+        ["\u00AB", "\u00BB"], // guillemets (double angle quotation marks)
+        ["\u300A", "\u300B"], // CJK double angle brackets
+        ["\u27EA", "\u27EB"], // mathematical double angle brackets
+        ["\u27EC", "\u27ED"], // white tortoise shell brackets
+        ["\u27EE", "\u27EF"], // flattened parentheses
+        ["\u276C", "\u276D"], // medium angle bracket ornaments
+        ["\u276E", "\u276F"], // heavy angle quotation ornaments
      ];

      for (const [left, right] of bracketPairs) {