From 2222f767a971909d288094a34e2705f0e15447b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Jorel?=
Date: Fri, 12 Feb 2021 10:59:49 +0100
Subject: [PATCH 1/2] Fix sanitise function

HTML uses `>` to encode `>` characters.
---
 src/scripts/lib/utils.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/scripts/lib/utils.ts b/src/scripts/lib/utils.ts
index 9a3339d..e34b737 100644
--- a/src/scripts/lib/utils.ts
+++ b/src/scripts/lib/utils.ts
@@ -93,7 +93,7 @@ export const sanitise = (value: T | string): T | string => {
 return value
 .replace(/&/g, '&')
- .replace(/>/g, '&rt;')
+ .replace(/>/g, '>')
 .replace(/ Date: Tue, 21 Dec 2021 18:07:31 -0500
Subject: [PATCH 2/2] Update tests for >
---
 src/scripts/components/input.test.ts | 2 +-
 src/scripts/lib/utils.test.ts | 13 +++++++------
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/scripts/components/input.test.ts b/src/scripts/components/input.test.ts
index c84ec25..777f080 100644
--- a/src/scripts/components/input.test.ts
+++ b/src/scripts/components/input.test.ts
@@ -315,7 +315,7 @@ describe('components/input', () => {
 const value = '';
 instance.element.value = value;
 expect(instance.value).to.equal(
- '<script&rt;somethingMalicious();</script&rt;',
+ '<script>somethingMalicious();</script>',
 );
 });
 });

diff --git a/src/scripts/lib/utils.test.ts b/src/scripts/lib/utils.test.ts
index c67afeb..b618237 100644
--- a/src/scripts/lib/utils.test.ts
+++ b/src/scripts/lib/utils.test.ts
@@ -1,19 +1,20 @@
 /* eslint-disable no-new-wrappers */
 import { expect } from 'chai';
 import { stub } from 'sinon';
+
 import {
- getRandomNumber,
+ cloneObject,
+ diff,
+ dispatchEvent,
+ existsInArray,
 generateChars,
 generateId,
+ getRandomNumber,
 getType,
 isType,
 sanitise,
 sortByAlpha,
 sortByScore,
- existsInArray,
- cloneObject,
- dispatchEvent,
- diff,
 } from './utils';
 
 describe('utils', () => {
@@ -113,7 +114,7 @@ describe('utils', () => {
 const value = '';
 const output = sanitise(value);
 expect(output).to.equal(
- '<script&rt;somethingMalicious();</script&rt;',
+ '<script>somethingMalicious();</script>',
 );
 });
 });
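Review bot: The new expectation here (and the matching one in the input.test.ts hunk) only pins the `<` and `>` replacements; neither test file covers the `&` pass, whose placement before the other replacements is what stops the `&` that those later passes introduce from being re-escaped, so a regression in that ordering would go unnoticed. Consider adding, in the same `describe` block, constructed cases such as `expect(sanitise('a & b')).to.equal('a &amp; b');` and `expect(sanitise('&gt;')).to.equal('&amp;gt;');`. As far as the utils.ts hunk shows, sanitise escapes only `&`, `<` and `>` and not quote characters, so it is adequate for text content but not for unquoted or attribute contexts; a one-line comment on the test stating that scope would keep callers from assuming more. The entity literals on this page appear to have been decoded by rendering (the `>` replacement reads as `'>'`), so the expected strings above are to be read in their entity form.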