Commit ffa0d122 authored by David Sveningsson's avatar David Sveningsson
Browse files

fix(meta): regex matching attribute allowed values matches entire string

Regexes is now implicitly wrapped by `^` and `$` anchors, e.g. `/\d+/` matches
`1` but not `foo1` as it previously did.

While this is semi-breaking the intention was always to match the entire string
and was documented as such. Internally this is the only way it was used.
parent 7dd69144
Pipeline #342139694 passed with stages
in 11 minutes and 30 seconds
......@@ -114,7 +114,7 @@ Array [
"column": 22,
"context": Object {
"allowed": Array [
/\\\\d\\+/,
/\\^\\\\d\\+\\$/,
],
"attribute": "ducks",
"element": "my-component",
......
......@@ -12,7 +12,7 @@ Array [
"column": 4,
"context": Object {
"allowed": Array [
/\\.\\*/,
/\\^\\.\\*\\$/,
],
"attribute": "href",
"element": "a",
......
This diff is collapsed.
......@@ -6,7 +6,7 @@
"contenteditable": ["", "true", "false"],
"dir": ["ltr", "rtl", "auto"],
"draggable": ["true", "false"],
"id": ["/^\\S+$/"],
"id": ["/\\S+/"],
"hidden": [],
"tabindex": ["/-?\\d+/"]
},
......
......@@ -436,7 +436,7 @@ describe("MetaTable", () => {
const meta = table.getMetaFor("foo");
expect(meta).not.toBeUndefined();
expect(meta?.attributes).toEqual({
attr: [/foo/],
attr: [/^foo$/],
});
});
......@@ -453,7 +453,24 @@ describe("MetaTable", () => {
const meta = table.getMetaFor("foo");
expect(meta).not.toBeUndefined();
expect(meta?.attributes).toEqual({
attr: [/foo/i],
attr: [/^foo$/i],
});
});
it("should handle explicit anchors", () => {
expect.assertions(2);
const table = new MetaTable();
table.loadFromObject({
foo: mockEntry({
attributes: {
attr: ["/^foo/", "/bar$/", "/^baz$/"],
},
}),
});
const meta = table.getMetaFor("foo");
expect(meta).not.toBeUndefined();
expect(meta?.attributes).toEqual({
attr: [/^foo$/, /^bar$/, /^baz$/],
});
});
......
......@@ -270,11 +270,11 @@ function expandRegexValue(value: string | RegExp): string | RegExp {
if (value instanceof RegExp) {
return value;
}
const match = value.match(/^\/(.*)\/([i]*)$/);
const match = value.match(/^\/\^?([^/$]*)\$?\/([i]*)$/);
if (match) {
const [, expr, flags] = match;
// eslint-disable-next-line security/detect-non-literal-regexp
return new RegExp(expr, flags);
return new RegExp(`^${expr}$`, flags);
} else {
return value;
}
......
......@@ -22,7 +22,7 @@ Object {
/\\^\\\\S\\+\\$/,
],
"tabindex": Array [
/-\\?\\\\d\\+/,
/\\^-\\?\\\\d\\+\\$/,
],
},
"deprecatedAttributes": Array [
......@@ -60,7 +60,7 @@ Object {
/\\^\\\\S\\+\\$/,
],
"tabindex": Array [
/-\\?\\\\d\\+/,
/\\^-\\?\\\\d\\+\\$/,
],
},
"deprecatedAttributes": Array [
......
......@@ -9,3 +9,17 @@
<col></col>
</colgroup>
</table>
<table>
<colgroup>
<!-- should not allow negative span -->
<col span="-1">
<!-- should not allow omitted/empty -->
<col span>
<col span="">
<!-- should not allow text -->
<col span="foobar4u">
</colgroup>
</table>
......@@ -4,3 +4,10 @@
<col>
</colgroup>
</table>
<!-- should allow integer span -->
<table>
<colgroup>
<col span="2">
</colgroup>
</table>
......@@ -21,3 +21,20 @@
<thead></thead>
<colgroup></colgroup>
</table>
<table>
<!-- should not allow negative span -->
<colgroup span="-1"></colgroup>
<!-- should not allow omitted/empty -->
<colgroup span></colgroup>
<colgroup span=""></colgroup>
<!-- should not allow text -->
<colgroup span="foobar4u"></colgroup>
<!-- should not allow nested col when using span, but no rule currently covers this -->
<colgroup span="2">
<col>
</colgroup>
</table>
......@@ -23,3 +23,8 @@
<colgroup></colgroup>
<thead></thead>
</table>
<!-- should allow integer span -->
<table>
<colgroup span="2"></colgroup>
</table>
......@@ -11,6 +11,10 @@
<p id="foo bar"></p>
<p hidden="foobar"></p>
<!-- tabindex cannot be empty or textual (even with a number inside) -->
<p tabindex=""></p>
<p tabindex="foobar"></p>
<p tabindex="foobar4u"></p>
<p contextmenu="foobar"></p>
......@@ -3,3 +3,13 @@
<span>foo</span>
<div>bar</div>
</select>
<!-- should not allow negative size -->
<select size="-1"></select>
<!-- should not allow omitted/empty size -->
<select size></select>
<select size=""></select>
<!-- should not allow text size -->
<select size="foobar4u"></select>
......@@ -11,3 +11,6 @@
<script></script>
<template></template>
</select>
<!-- should allow integer size -->
<select size="10"></select>
......@@ -2,3 +2,19 @@
<div>
<td>foo</td>
</div>
<table>
<tbody>
<tr>
<!-- should not allow negative colspan/rowspan -->
<td colspan="-1" rowspan="-1"></td>
<!-- should not allow omitted/empty colspan/rowspan -->
<td colspan rowspan></td>
<td colspan="" rowspan=""></td>
<!-- should not allow text colspan/rowspan -->
<td colspan="foobar4u" rowspan="foobar4u"></td>
</tr>
</tbody>
</table>
......@@ -17,3 +17,12 @@
</tr>
</tbody>
</table>
<!-- should allow integer colspan/rowspan -->
<table>
<tbody>
<tr>
<td colspan="2" rowspan="2"></td>
</tr>
</tbody>
</table>
......@@ -3,3 +3,13 @@
<span>foo</span>
<div>bar</div>
</textarea>
<!-- should not allow negative values -->
<textarea cols="-1" maxlength="-1" minlength="-1" rows="-1"></textarea>
<!-- should not allow omitted/empty values -->
<textarea cols maxlength minlength rows></textarea>
<textarea cols="" maxlength="" minlength="" rows=""></textarea>
<!-- should not allow text values -->
<textarea cols="foobar4u" maxlength="foobar4u" minlength="foobar4u" rows="foobar4u"></textarea>
<textarea></textarea>
<!-- should allow positive integers -->
<textarea cols="1" maxlength="1" minlength="1" rows="1"></textarea>
......@@ -28,3 +28,19 @@
</tr>
</tbody>
</table>
<table>
<tbody>
<tr>
<!-- should not allow negative colspan/rowspan -->
<th scope="col" colspan="-1" rowspan="-1"></th>
<!-- should not allow omitted/empty colspan/rowspan -->
<th scope="col" colspan rowspan></th>
<th scope="col" colspan="" rowspan=""></th>
<!-- should not allow text colspan/rowspan -->
<th scope="col" colspan="foobar4u" rowspan="foobar4u"></th>
</tr>
</tbody>
</table>
......@@ -30,3 +30,12 @@
</tr>
</tbody>
</table>
<!-- should allow integer colspan/rowspan -->
<table>
<tbody>
<tr>
<th scope="col" colspan="2" rowspan="2"></th>
</tr>
</tbody>
</table>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment