Added more tests and modified CHANGELOG

apostrophecms · Sep 27, 2023 · 2c7ac45 · 2c7ac45
1 parent 4f6cea6
commit 2c7ac45
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,7 +1,8 @@
 # Changelog
 
 ## UNRELEASED
-- Added `allowedEmptyAttributes` option and kept empty `alt` value by default.
+
+- Introduced the `allowedEmptyAttributes` option, enabling explicit specification of empty string values for select attributes, with the default attribute set to `alt`.
 
 ## 2.11.0 (2023-06-21)
 

diff --git a/index.js b/index.js
@@ -298,8 +298,8 @@ function sanitizeHtml(html, options, _recursing) {
           // If the value is empty, check if the attribute is in the allowedEmptyAttributes array.
           // If it is not in the allowedEmptyAttributes array, and it is a known non-boolean attribute, delete it
           // List taken from https://html.spec.whatwg.org/multipage/indices.html#attributes-3
-          if (value === '' && (!options.allowedEmptyAttributes.includes(a)) && (options.nonBooleanAttributes.includes(a) ||
-            options.nonBooleanAttributes.includes('*'))) {
+          if (value === '' && (!options.allowedEmptyAttributes.includes(a)) &&
+            (options.nonBooleanAttributes.includes(a) || options.nonBooleanAttributes.includes('*'))) {
             delete frame.attribs[a];
             return;
           }

diff --git a/test/test.js b/test/test.js
@@ -1622,21 +1622,31 @@ describe('sanitizeHtml', function() {
       allowedTags: [ 'img' ]
     }), '<img alt="" src="https://example.com/" />');
   });
-  it('should not remove empty alt attribute value by default when disabled', function() {
+  it('should convert the implicit empty alt attribute value to be an empty string by default', function() {
+    assert.equal(sanitizeHtml('<img alt src="https://example.com/" />', {
+      allowedAttributes: { img: [ 'alt', 'src' ] },
+      allowedTags: [ 'img' ]
+    }), '<img alt="" src="https://example.com/" />');
+  });
+  it('should not remove empty alt attribute value by default when an empty nonBooleanAttributes option passed in', function() {
     assert.equal(sanitizeHtml('<img alt="" src="https://example.com/" />', {
       allowedAttributes: { img: [ 'alt', 'src' ] },
       allowedTags: [ 'img' ],
       nonBooleanAttributes: []
     }), '<img alt="" src="https://example.com/" />');
   });
-  it('should set empty value to attribute specified in allowedEmptyAttributes option', function() {
-    assert.equal(sanitizeHtml('<a href target="_blank">hello</a>', {
-      allowedEmptyAttributes: [ 'href' ]
-    }), '<a href="" target="_blank">hello</a>');
+  it('should not remove the empty attributes specified in allowedEmptyAttributes option', function() {
+    assert.equal(sanitizeHtml('<img alt="" src="" />', {
+      allowedAttributes: { img: [ 'alt', 'src' ] },
+      allowedTags: [ 'img' ],
+      allowedEmptyAttributes: [ 'alt', 'src' ]
+    }), '<img alt="" src="" />');
   });
-  it('should not remove empty attribute specified in allowedEmptyAttributes option', function() {
-    assert.equal(sanitizeHtml('<a href="" target="_blank">hello</a>', {
-      allowedEmptyAttributes: [ 'href' ]
-    }), '<a href="" target="_blank">hello</a>');
+  it('should remove all the empty attributes when an empty allowedEmptyAttributes option passed in', function() {
+    assert.equal(sanitizeHtml('<img alt="" src="https://example.com/" target="" />', {
+      allowedAttributes: { img: [ 'alt', 'src' ] },
+      allowedTags: [ 'img' ],
+      allowedEmptyAttributes: []
+    }), '<img src="https://example.com/" />');
   });
 });