Add characterization test for sanitize-html
At various times in the past, upgrades in the sanitize-html library that changed behavior of HTML filtering have caused things like emotes to break unexpectedly. This commit adds a basic test to sanitize non-alphanumeric characters found in channels' emote codes so that if the library changes, the test will break and give a heads up that something changed.
This commit is contained in:
Calvin Montgomery
parent
53cee986c6
commit
6633e23aa3
|
|
@ -2,7 +2,7 @@
|
|||
"author": "Calvin Montgomery",
|
||||
"name": "CyTube",
|
||||
"description": "Online media synchronizer and chat",
|
||||
"version": "3.38.1",
|
||||
"version": "3.38.2",
|
||||
"repository": {
|
||||
"url": "http://github.com/calzoneman/sync"
|
||||
},
|
||||
|
|
|
|||
12
test/xss.js
Normal file
12
test/xss.js
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
const assert = require('assert');
|
||||
const XSS = require('../lib/xss');
|
||||
|
||||
describe('XSS', () => {
|
||||
describe('sanitizeHTML', () => {
|
||||
it('behaves consistently w.r.t. special chars used in emotes', () => {
|
||||
const input = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
|
||||
const expected = '`^~=| _-,;:!?/."()[]{}@$*\\\\&#%+á\t';
|
||||
assert.strictEqual(XSS.sanitizeHTML(input), expected);
|
||||
});
|
||||
});
|
||||
});
|
||||
Loading…
Reference in a new issue