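import { sanitizeHtml } from "../html";

/**
 * Regression vectors for sanitizeHtml.
 *
 * Each entry pairs a raw input string with the exact string the sanitizer is
 * expected to return. `name` is only used to label the generated test, so a
 * failing vector can be identified from the test report.
 */
const htmlSanitizeList = [
  {
    // Framing of third-party content: the whole element must be dropped.
    name: "removes an iframe element entirely",
    input: '<iframe src="http://malicious.com"></iframe>',
    expected: "",
  },
  {
    // Inline script: both the tag and its text content must be dropped.
    name: "removes a script element and its content",
    input: "<script>alert('XSS');</script>",
    expected: "",
  },
  {
    // Attribute-context breakout followed by an event-handler attribute.
    // The img survives, but only with its src attribute; the leading text
    // ("\">") is kept as-is.
    name: "strips the onerror handler from an img",
    input: "\"><img src=x onerror=alert('XSS')>",
    expected: '"><img src="x" />',
  },
  {
    // Malformed closing tag carrying attributes must still end the script.
    name: "removes a script whose closing tag carries attributes",
    input: "<script>alert(1)</script foo='bar'>",
    expected: "",
  },
  {
    // Leading stray ">" is ordinary text and is preserved.
    name: "keeps a leading '>' and removes the script after it",
    input: "><script>alert('XSS')</script>",
    expected: ">",
  },
  {
    // Script markup hidden inside a CDATA section; the XML declaration and
    // the CDATA payload are dropped while the unknown <foo> element is kept.
    name: "drops an XML declaration and a CDATA-wrapped script",
    input: '<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<script>alert(\'XSS\');</script>]]></foo>',
    expected: "<foo></foo>",
  },
  {
    // Benign text that merely contains HTML metacharacters.
    // NOTE(review): the sentence says "escaped", yet the expected value is the
    // unescaped input. Confirm that pass-through (not entity-encoding) is the
    // intended contract, since callers that render the result as HTML rely on
    // how bare "<" and "&" are treated.
    name: "passes plain text containing <, > and & through unchanged",
    input: "It's a test to check if <, > and & are escaped",
    expected: "It's a test to check if <, > and & are escaped",
  },
];

describe("Helper function html sanitize", () => {
  // One test per vector: with a single test looping over the list, the first
  // failing expect() aborts the loop, hiding the remaining vectors and
  // leaving the report without the name of the input that regressed.
  for (const { name, input, expected } of htmlSanitizeList) {
    test(`sanitize html list: ${name}`, () => {
      expect(sanitizeHtml(input)).toBe(expected);
    });
  }
});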