"""Tests for get_javascript_url_validator() in security/url_validator.py.""" from local_deep_research.security.url_validator import ( get_javascript_url_validator, ) class TestGetJavascriptUrlValidator: """Tests for the JavaScript URL validator code generator.""" def test_returns_string(self): result = get_javascript_url_validator() assert isinstance(result, str) def test_contains_url_validator_object(self): js = get_javascript_url_validator() assert "URLValidator" in js def test_defines_unsafe_schemes(self): js = get_javascript_url_validator() assert "UNSAFE_SCHEMES" in js for scheme in ["javascript", "data", "vbscript", "file", "blob"]: assert scheme in js def test_defines_safe_schemes(self): js = get_javascript_url_validator() assert "SAFE_SCHEMES" in js assert "http" in js assert "https" in js def test_has_is_unsafe_scheme_function(self): js = get_javascript_url_validator() assert "isUnsafeScheme" in js def test_has_is_safe_url_function(self): js = get_javascript_url_validator() assert "isSafeUrl" in js def test_has_sanitize_url_function(self): js = get_javascript_url_validator() assert "sanitizeUrl" in js def test_supports_trusted_domains(self): js = get_javascript_url_validator() assert "trustedDomains" in js def test_supports_allow_mailto(self): js = get_javascript_url_validator() assert "allowMailto" in js def test_supports_allow_fragments(self): js = get_javascript_url_validator() assert "allowFragments" in js def test_sanitize_adds_default_scheme(self): js = get_javascript_url_validator() # Should have logic to add https:// by default assert "defaultScheme" in js def test_is_valid_javascript(self): """Basic syntax check — the JS should be parseable.""" js = get_javascript_url_validator() # Check balanced braces assert js.count("{") == js.count("}") # Check no obvious syntax errors assert "function(" in js or "function (" in js