kunthawat/emdash-patch-imageupload
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Emdash source with visual editor image upload fix

Browse Source 
Fixes:
1. media.ts: wrap placeholder generation in try-catch
2. toolbar.ts: check r.ok, display error message in popover
This commit is contained in:
kunthawat
2026-05-03 10:44:54 +07:00
parent 78f81bebb6
commit 2d1be52177
2352 changed files with 662964 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
packages/core/tests/unit/middleware/csp.test.ts Normal file
View File

@@ -0,0 +1,30 @@
import { describe, it, expect } from "vitest";
import { buildEmDashCsp } from "../../../src/astro/middleware/csp.js";
describe("buildEmDashCsp", () => {
it("includes https: in img-src to allow external images", () => {
const csp = buildEmDashCsp();
const imgSrc = csp.split("; ").find((d) => d.startsWith("img-src"));
expect(imgSrc).toContain("https:");
});
it("still includes self, data:, and blob: in img-src", () => {
const csp = buildEmDashCsp();
const imgSrc = csp.split("; ").find((d) => d.startsWith("img-src"));
expect(imgSrc).toContain("'self'");
expect(imgSrc).toContain("data:");
expect(imgSrc).toContain("blob:");
});
it("keeps connect-src restricted to self", () => {
const csp = buildEmDashCsp();
const connectSrc = csp.split("; ").find((d) => d.startsWith("connect-src"));
expect(connectSrc).toBe("connect-src 'self'");
});
it("blocks framing with frame-ancestors none", () => {
const csp = buildEmDashCsp();
expect(csp).toContain("frame-ancestors 'none'");
});
});