chore: remove GitHub Actions workflows, use Woodpecker CI exclusively
@@ -0,0 +1,80 @@
|
||||
import { sanitizeHTML, sanitizeInput, sanitizeURL, escapeHTML } from './sanitize';
|
||||
|
||||
describe('sanitize', () => {
|
||||
describe('sanitizeHTML', () => {
|
||||
it('should allow safe HTML tags', () => {
|
||||
const result = sanitizeHTML('<p>Hello <b>world</b></p>');
|
||||
expect(result).toContain('<p>');
|
||||
expect(result).toContain('<b>');
|
||||
});
|
||||
|
||||
it('should remove dangerous tags', () => {
|
||||
const result = sanitizeHTML('<script>alert("xss")</script><p>safe</p>');
|
||||
expect(result).not.toContain('<script>');
|
||||
expect(result).toContain('<p>');
|
||||
});
|
||||
|
||||
it('should remove dangerous attributes', () => {
|
||||
const result = sanitizeHTML('<a href="#" onclick="alert(1)">link</a>');
|
||||
expect(result).not.toContain('onclick');
|
||||
});
|
||||
|
||||
it('should handle empty input', () => {
|
||||
expect(sanitizeHTML('')).toBe('');
|
||||
});
|
||||
});
|
||||
|
||||
describe('sanitizeInput', () => {
|
||||
it('should remove all HTML tags', () => {
|
||||
const result = sanitizeInput('<p>Hello <b>world</b></p>');
|
||||
expect(result).not.toContain('<p>');
|
||||
expect(result).not.toContain('<b>');
|
||||
expect(result).toContain('Hello');
|
||||
expect(result).toContain('world');
|
||||
});
|
||||
|
||||
it('should handle special characters', () => {
|
||||
const result = sanitizeInput('<script>alert("xss")</script>');
|
||||
expect(result).not.toContain('<script>');
|
||||
});
|
||||
});
|
||||
|
||||
describe('sanitizeURL', () => {
|
||||
it('should allow valid http URLs', () => {
|
||||
expect(sanitizeURL('http://example.com')).toBe('http://example.com');
|
||||
});
|
||||
|
||||
it('should allow valid https URLs', () => {
|
||||
expect(sanitizeURL('https://example.com')).toBe('https://example.com');
|
||||
});
|
||||
|
||||
it('should allow mailto URLs', () => {
|
||||
expect(sanitizeURL('mailto:test@example.com')).toBe('mailto:test@example.com');
|
||||
});
|
||||
|
||||
it('should reject javascript URLs', () => {
|
||||
expect(sanitizeURL('javascript:alert(1)')).toBe('');
|
||||
});
|
||||
|
||||
it('should reject data URLs', () => {
|
||||
expect(sanitizeURL('data:text/html,<script>alert(1)</script>')).toBe('');
|
||||
});
|
||||
});
|
||||
|
||||
describe('escapeHTML', () => {
|
||||
it('should escape HTML special characters', () => {
|
||||
expect(escapeHTML('<div>')).toBe('<div>');
|
||||
expect(escapeHTML('&')).toBe('&');
|
||||
expect(escapeHTML('"')).toBe('"');
|
||||
expect(escapeHTML("'")).toBe(''');
|
||||
});
|
||||
|
||||
it('should handle mixed content', () => {
|
||||
expect(escapeHTML('<script>alert("test")</script>')).toBe('<script>alert("test")</script>');
|
||||
});
|
||||
|
||||
it('should handle empty string', () => {
|
||||
expect(escapeHTML('')).toBe('');
|
||||
});
|
||||
});
|
||||
});
|
||||
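Review bot: The negative assertions in the `sanitizeHTML` and `sanitizeInput` cases only check that the exact lowercase substring `<script>` (or `onclick`) is absent, so they would still pass if the sanitizer emitted the tag with different casing, with attributes, or left the script body in the output. Pinning the full result is stricter, for example `expect(sanitizeHTML('<script>alert("xss")</script><p>safe</p>')).toBe('<p>safe</p>');`, assuming the sanitizer drops the element together with its content. The `sanitizeURL` block likewise covers only lowercase `javascript:` and `data:`; cases for a mixed-case scheme and for leading whitespace before the scheme would show whether the check normalises its input before matching. The expected values in the `escapeHTML` block appear unescaped on this page (`toBe('<div>')`, `toBe(''')`), which looks like a rendering artifact, so it is worth confirming that the file itself asserts the entity forms.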