CVE-2025-52558 - Fixing XSS in error handling output of watch overview list

2025-12-09 01:25:38 +00:00 · 2025-06-21 09:44:06 +02:00
parent 4f362385e1
commit 3d5a544ea6
6 changed files with 61 additions and 79 deletions
--- a/changedetectionio/tests/unit/test_jinja2_security.py
+++ b/changedetectionio/tests/unit/test_jinja2_security.py
@@ -51,6 +51,9 @@ class TestJinja2SSTI(unittest.TestCase):
        for attempt in attempt_list:
            self.assertEqual(len(safe_jinja.render(attempt)), 0, f"string test '{attempt}' is correctly empty")

+    def test_jinja2_escaped_html(self):
+        x = safe_jinja.render_fully_escaped('woo <a href="https://google.com">dfdfd</a>')
+        self.assertEqual(x, "woo &lt;a href=&#34;https://google.com&#34;&gt;dfdfd&lt;/a&gt;")


 if __name__ == '__main__':