Prevent links from being rendered in user bios
Fixes mozilla/addons#15641
Context
We have basic URL detection on the server, but this doesn't detect //example.com URLs as it would be a bit too strict - someone could want to use double slashes legitimately... More importantly, this field allows HTML, but the cleaning is handled by addons-frontend through DOMPurify. So, to completely prevent links, we need to adjust the list of allowed tags here.
Testing
Log in, edit your profile, add some HTML in your bio, verify it still works. Then try to add HTML links like <a href="//example.com">link</a> and verify it doesn't get rendered as a link.
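Why the scheme-less form matters, as an added example (not code from addons-frontend or addons-server): a browser resolves //example.com against the page URL into an absolute off-site link, which a scheme-based text check never sees. naiveLooksLikeUrl, PAGE_URL and the sample values are hypothetical stand-ins; the project's actual server-side detection is not shown on this page.

```javascript
// Added example: every name, the base URL and the samples are constructed.
const PAGE_URL = 'https://amo.example/en-US/firefox/user/1/'; // hypothetical profile page

// Hypothetical scheme-based text check, standing in for "basic URL detection".
function naiveLooksLikeUrl(text) {
  return /\b(?:https?|ftp):\/\//i.test(text);
}

// Resolve an href the way a browser resolves <a href="..."> on the page.
function resolveHref(href, pageUrl = PAGE_URL) {
  try {
    return new URL(href, pageUrl);
  } catch {
    return null; // not parseable as a URL reference
  }
}

// True when the resolved link leaves the page's own origin.
function isOffSite(href, pageUrl = PAGE_URL) {
  const target = resolveHref(href, pageUrl);
  return target !== null && target.origin !== new URL(pageUrl).origin;
}

// Compare what the text check reports with where the link really goes.
function audit(hrefs) {
  return hrefs.map((href) => ({
    href,
    detected: naiveLooksLikeUrl(href),
    resolved: resolveHref(href)?.href ?? null,
    offSite: isOffSite(href),
  }));
}

// Constructed samples: absolute, protocol-relative, site-relative, and a
// harmless double slash inside a relative path.
const SAMPLES = ['https://example.com', '//example.com', '/en-US/firefox/', 'a//b'];

console.table(audit(SAMPLES));
```

The second row is the gap: the text check does not flag it, yet it resolves off-site, while 'a//b' shows why rejecting every double slash in the text would be too strict.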
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 98.29%. Comparing base (b7a0d15) to head (07f615a). Report is 8 commits behind head on master.
Additional details and impacted files
@@           Coverage Diff           @@
##           master   #13643   +/-   ##
=======================================
  Coverage   98.29%   98.29%
=======================================
  Files         268      268
  Lines       10663    10667    +4
  Branches     3280     3282    +2
=======================================
+ Hits        10481    10485    +4
  Misses        169      169
  Partials       13       13