fix release workflow and add xss-1 test

stephenlacy · stephenlacy · commit 06f009080c0b · 2021-03-22T20:16:09.000-07:00
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -15,8 +15,8 @@ jobs:
         uses: actions/checkout@v2
       - name: Build project # This would actually build your project, using zip for an example artifact
         run: |
-          GOOS=linux GOARCH=amd64 go build -o monokube main.go
-          tar -czvf monokube-linux-amd64.tar.gz monokube
+          GOOS=linux GOARCH=amd64 go build -o daz daz.go
+          tar -czvf daz-linux-amd64.tar.gz daz
       - name: Create Release
         id: create_release
         uses: actions/create-release@v1
@@ -34,6 +34,6 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
-          asset_path: ./monokube-linux-amd64.tar.gz
-          asset_name: monokube-linux-amd64.tar.gz
+          asset_path: ./daz-linux-amd64.tar.gz
+          asset_name: daz-linux-amd64.tar.gz
           asset_content_type: application/gzip
diff --git a/daz_test.go b/daz_test.go
@@ -10,6 +10,7 @@ var fixture3 = "<div><div>one</div>one<>text</></div>"
 var fixture4 = "<div class='bg-grey-50' data-id='div-1'>content</div>"
 var fixture5 = "<div>O&#39;Brian<input type='text' value='input value&#39;s' /></div>"
 var fixture6 = "<div><img src='https://example.com/image.png' /><br /></div>"
+var fixture7 = "<div>&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;</div>"
 
 func TestBasicRender(t *testing.T) {
 	attrs := Attr{"class": "app view"}
@@ -72,6 +73,14 @@ func TestSelfClosing(t *testing.T) {
 	}
 }
 
+func TestXSS1(t *testing.T) {
+	root := H("div", "<script>alert('xss')</script>")
+	res := root()
+	if res != fixture7 {
+		t.Errorf("got: %v wanted: %v", res, fixture7)
+	}
+}
+
 func BenchmarkBasicRender(b *testing.B) {
 	attrs := Attr{"class": "app view"}
 	nav := H("nav", "Welcome")
