const assert = require('assert');
const XSS = require('../lib/xss');
// Regression tests for the HTML sanitizer exposed as XSS.sanitizeHTML.
describe('XSS', () => {
  describe('sanitizeHTML', () => {
    // Pass-through contract: punctuation used in emotes must come back
    // byte-for-byte unchanged, including `&`, `"`, `#`, a non-ASCII letter
    // and a tab.
    // NOTE(review): since `&` and `"` are returned unescaped, the output is
    // presumably intended for insertion as markup rather than inside an
    // attribute value; confirm against the callers.
    it('behaves consistently w.r.t. special chars used in emotes', () => {
      const emoteChars = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
      const sanitized = XSS.sanitizeHTML(emoteChars);

      assert.strictEqual(sanitized, emoteChars);
    });

    // An iframe element must be removed entirely, leaving an empty string.
    // Only a single lowercase, well-formed iframe with an https src is
    // exercised by this case; other spellings (mixed case, unclosed tag)
    // are not covered by the cases visible here.
    it('disallows iframes', () => {
      const iframeMarkup = '<iframe src="https://example.com"></iframe>';

      assert.strictEqual(XSS.sanitizeHTML(iframeMarkup), '');
    });
  });
});