fix: remove extra sanitization from clipboard since it's no longer ne…

…eded
n8n-io · Sep 20, 2024 · 24a1fa9 · 24a1fa9
1 parent 180fc4b
commit 24a1fa9
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 25 deletions.
diff --git a/packages/editor-ui/src/composables/__tests__/useClipboard.test.ts b/packages/editor-ui/src/composables/__tests__/useClipboard.test.ts
@@ -1,4 +1,4 @@
-import { render, within } from '@testing-library/vue';
+import { render } from '@testing-library/vue';
 import userEvent from '@testing-library/user-event';
 import { defineComponent, h, ref } from 'vue';
 import { useClipboard } from '@/composables/useClipboard';
@@ -8,13 +8,9 @@ const testValue = 'This is a test';
 const TestComponent = defineComponent({
 	setup() {
 		const pasted = ref('');
-		const htmlContent = ref<HTMLElement>();
 		const clipboard = useClipboard({
 			onPaste(data) {
 				pasted.value = data;
-				if (htmlContent.value) {
-					htmlContent.value.innerHTML = data;
-				}
 			},
 		});
 
@@ -27,7 +23,6 @@ const TestComponent = defineComponent({
 					},
 				}),
 				h('div', { 'data-test-id': 'paste' }, pasted.value),
-				h('div', { 'data-test-id': 'xss-attack', ref: htmlContent }),
 			]);
 	},
 });
@@ -73,21 +68,4 @@ describe('useClipboard()', () => {
 			expect(pasteElement.textContent).toEqual(testValue);
 		});
 	});
-
-	it('sanitizes HTML', async () => {
-		const unsafeHtml = 'https://www.ex.com/sfefdfd<img/src/onerror=alert(1)>fdf/xdfef.json';
-		const { getByTestId } = render(TestComponent);
-
-		await userEvent.paste(unsafeHtml);
-		expect(within(getByTestId('xss-attack')).queryByRole('img')).not.toBeInTheDocument();
-	});
-
-	it('sanitizes URL with HTML tags', async () => {
-		// eslint-disable-next-line n8n-local-rules/no-unneeded-backticks
-		const unsafeURL = `https://www.ex.com/sfefdfd<details title='"><details title=&#39;&quot;><img/src/onerror=alert(document.domain)>/&#39;>'>/c.json`;
-		const { getByTestId } = render(TestComponent);
-
-		await userEvent.paste(unsafeURL);
-		expect(getByTestId('xss-attack').innerHTML).toBe('https://www.ex.com/sfefdfd/c.json');
-	});
 });
diff --git a/packages/editor-ui/src/composables/useClipboard.ts b/packages/editor-ui/src/composables/useClipboard.ts
@@ -1,7 +1,6 @@
 import { onBeforeUnmount, onMounted, ref } from 'vue';
 import { useClipboard as useClipboardCore } from '@vueuse/core';
 import { useDebounce } from '@/composables/useDebounce';
-import sanitize from 'sanitize-html';
 
 type ClipboardEventFn = (data: string, event?: ClipboardEvent) => void;
 
@@ -43,7 +42,7 @@ export function useClipboard(
 
 		const clipboardData = event.clipboardData;
 		if (clipboardData !== null) {
-			const clipboardValue = sanitize(clipboardData.getData('text/plain'));
+			const clipboardValue = clipboardData.getData('text/plain');
 			onPasteCallback.value(clipboardValue, event);
 		}
 	}