CyTube/test/xss.js

19 lines
670 B
JavaScript
Raw Normal View History

const assert = require('assert');
const XSS = require('../lib/xss');
describe('XSS', () => {
describe('sanitizeHTML', () => {
it('behaves consistently w.r.t. special chars used in emotes', () => {
const input = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
2021-03-22 04:31:20 +00:00
const expected = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
assert.strictEqual(XSS.sanitizeHTML(input), expected);
});
it('disallows iframes', () => {
const input = '<iframe src="https://example.com"></iframe>';
const expected = '';
assert.strictEqual(XSS.sanitizeHTML(input), expected);
});
});
});