diff options
| author | Johann-S <[email protected]> | 2019-10-02 11:43:54 +0200 |
|---|---|---|
| committer | Johann-S <[email protected]> | 2019-10-03 09:55:57 +0200 |
| commit | 3d12b541c488ea09efced2fb987fcbf384c656bb (patch) | |
| tree | 1863095dd8162e25a1909cf741e32faa091c32d4 /js/src/util/sanitizer.spec.js | |
| parent | 393ddae09b0578c8d381540bdbb4e68cdec1b45b (diff) | |
| download | bootstrap-3d12b541c488ea09efced2fb987fcbf384c656bb.tar.xz bootstrap-3d12b541c488ea09efced2fb987fcbf384c656bb.zip | |
return to the original file structure to avoid breaking modularity
Diffstat (limited to 'js/src/util/sanitizer.spec.js')
| -rw-r--r-- | js/src/util/sanitizer.spec.js | 70 |
1 files changed, 0 insertions, 70 deletions
diff --git a/js/src/util/sanitizer.spec.js b/js/src/util/sanitizer.spec.js deleted file mode 100644 index 6dadd29a5..000000000 --- a/js/src/util/sanitizer.spec.js +++ /dev/null @@ -1,70 +0,0 @@ -import { DefaultWhitelist, sanitizeHtml } from './sanitizer' - -describe('Sanitizer', () => { - describe('sanitizeHtml', () => { - it('should return the same on empty string', () => { - const empty = '' - - const result = sanitizeHtml(empty, DefaultWhitelist, null) - - expect(result).toEqual(empty) - }) - - it('should sanitize template by removing tags with XSS', () => { - const template = [ - '<div>', - ' <a href="javascript:alert(7)">Click me</a>', - ' <span>Some content</span>', - '</div>' - ].join('') - - const result = sanitizeHtml(template, DefaultWhitelist, null) - - expect(result.indexOf('script') === -1).toEqual(true) - }) - - it('should allow aria attributes and safe attributes', () => { - const template = [ - '<div aria-pressed="true">', - ' <span class="test">Some content</span>', - '</div>' - ].join('') - - const result = sanitizeHtml(template, DefaultWhitelist, null) - - expect(result.indexOf('aria-pressed') !== -1).toEqual(true) - expect(result.indexOf('class="test"') !== -1).toEqual(true) - }) - - it('should remove not whitelist tags', () => { - const template = [ - '<div>', - ' <script>alert(7)</script>', - '</div>' - ].join('') - - const result = sanitizeHtml(template, DefaultWhitelist, null) - - expect(result.indexOf('<script>') === -1).toEqual(true) - }) - - it('should not use native api to sanitize if a custom function passed', () => { - const template = [ - '<div>', - ' <span>Some content</span>', - '</div>' - ].join('') - - function mySanitize(htmlUnsafe) { - return htmlUnsafe - } - - spyOn(DOMParser.prototype, 'parseFromString') - - const result = sanitizeHtml(template, DefaultWhitelist, mySanitize) - - expect(result).toEqual(template) - expect(DOMParser.prototype.parseFromString).not.toHaveBeenCalled() - }) - }) -}) |