import { DefaultAllowlist, sanitizeHtml } from '../../../src/util/sanitizer'
describe('Sanitizer', () => {
describe('sanitizeHtml', () => {
it('should return the same on empty string', () => {
const empty = ''
const result = sanitizeHtml(empty, DefaultAllowlist, null)
expect(result).toEqual(empty)
})
it('should sanitize template by removing tags with XSS', () => {
const template = [
''
].join('')
const result = sanitizeHtml(template, DefaultAllowlist, null)
expect(result).not.toContain('href="javascript:alert(7)')
})
it('should allow aria attributes and safe attributes', () => {
const template = [
'',
' Some content',
'
'
].join('')
const result = sanitizeHtml(template, DefaultAllowlist, null)
expect(result).toContain('aria-pressed')
expect(result).toContain('class="test"')
})
it('should remove tags not in allowlist', () => {
const template = [
'',
' ',
'
'
].join('')
const result = sanitizeHtml(template, DefaultAllowlist, null)
expect(result).not.toContain('