/**
 * Jasmine spec for the `helpers/sanitizer` AMD module.
 *
 * Exercises the four helpers this file calls: addLineBreaks, purifyHtml,
 * purifyText and sanitize. The inputs stand in for mail content, so these
 * assertions are the regression net for the output-encoding step.
 */
define(['helpers/sanitizer'], function (sanitizer) {
  'use strict';

  describe('sanitizer', function () {
    describe('sanitizer.addLineBreaks', function () {
      it('should add line breaks', function () {
        // A newline in the input is expected to come back as a <br/> tag.
        var actual = sanitizer.addLineBreaks('foo\nbar');

        expect(actual).toEqual('foo<br/>bar');
      });
    });

    describe('sanitizer.purifyHtml', function () {
      it('should fire up DOMPurify', function () {
        // The anchor must survive, but its script-scheme href has to be gone
        // and target="_blank" is expected on the result.
        // NOTE(review): this pins a single class of active content (a
        // javascript: href). The expected markup carries no rel attribute;
        // whether links that keep their href get rel="noopener noreferrer"
        // alongside target="_blank" is not visible here -- worth its own case.
        var actual = sanitizer.purifyHtml('123<a href="javascript:alert(1)">I am a dolphin!</a>');

        expect(actual).toEqual('123<a target="_blank">I am a dolphin!</a>');
      });
    });

    describe('sanitizer.purifyText', function () {
      it('should escape HTML', function () {
        // NOTE(review): as shown, the expected value is identical to the
        // input, so this would also pass if purifyText returned its argument
        // unchanged. Presumably the expectation was an entity-escaped string
        // whose entities were decoded when this listing was rendered --
        // confirm against the repository copy.
        var actual = sanitizer.purifyText('123<a>asd</a>');

        expect(actual).toEqual('123<a>asd</a>');
      });

      it('should leave highlighted text untouched', function () {
        // The search-highlight <em> wrapper must come through as markup.
        // NOTE(review): the nested <a> is also shown unescaped here; same
        // rendering caveat as the previous case -- verify the real literal.
        var actual = sanitizer.purifyText('<em class="search-highlight">123<a>asd</a></em>');

        expect(actual).toEqual('<em class="search-highlight">123<a>asd</a></em>');
      });
    });

    describe('sanitizer.sanitize', function () {
      it('should sanitize a plaintext mail', function () {
        // A mail carrying only textPlainBody.
        // NOTE(review): expected equals input as shown; see the caveat on
        // the purifyText escape test.
        var plainMail = {
          textPlainBody: '123<a>asd</a>'
        };

        expect(sanitizer.sanitize(plainMail)).toEqual('123<a>asd</a>');
      });

      it('should sanitize an html mail', function () {
        // A mail carrying htmlBody: the expected result matches what the
        // purifyHtml case expects (href dropped, target="_blank" added),
        // with the surrounding <div> and text preserved.
        var htmlMail = {
          htmlBody: '<div>123<a href="javascript:alert(1)">I am a dolphin!</a>foobar</div>'
        };

        expect(sanitizer.sanitize(htmlMail)).toEqual('<div>123<a target="_blank">I am a dolphin!</a>foobar</div>');
      });
    });
  });
});