Files
2026-07-13 13:39:12 +08:00

28 lines
1.5 KiB
TypeScript

import test from "node:test";
import assert from "node:assert/strict";
import { sanitizeDocsHtml } from "../../../src/lib/docsSanitizer.ts";
test("sanitizeDocsHtml removes dangerous tags and attributes", () => {
const malicious = '<script>alert("xss")</script><img src="x" onerror="alert(1)"> <a href="javascript:alert(1)">link</a> <div onclick="evil()">content</div>';
const sanitized = sanitizeDocsHtml(malicious);
assert.ok(!sanitized.includes("<script>"), "Should remove <script>");
assert.ok(!sanitized.includes("onerror"), "Should remove onerror");
assert.ok(!sanitized.includes("onclick"), "Should remove onclick");
assert.ok(!sanitized.includes("javascript:"), "Should remove javascript: URLs");
assert.ok(sanitized.includes("<a>link</a>") || sanitized.includes("<a >link</a>") || sanitized.includes("link"), "Should keep safe content");
});
test("sanitizeDocsHtml allows safe tags and attributes", () => {
const safe = '<h1>Title</h1><p>Paragraph with <strong>bold</strong> and <em>italic</em>.</p><ul><li>Item</li></ul><pre><code>code</code></pre>';
const sanitized = sanitizeDocsHtml(safe);
assert.ok(sanitized.includes("<h1>Title</h1>"), "Should allow <h1>");
assert.ok(sanitized.includes("<p>"), "Should allow <p>");
assert.ok(sanitized.includes("<strong>"), "Should allow <strong>");
assert.ok(sanitized.includes("<ul>"), "Should allow <ul>");
assert.ok(sanitized.includes("<li>"), "Should allow <li>");
assert.ok(sanitized.includes("<pre>"), "Should allow <pre>");
assert.ok(sanitized.includes("<code>"), "Should allow <code>");
});