UNPKG

@kazumatu981/markdown-it-kroki

Version:

markdown-it kroki plugin.

github.com/kazumatu981/markdown-it-kroki

kazumatu981/markdown-it-kroki

88 lines (79 loc) 3.18 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
const MarkdownIt = require('markdown-it'); const { expect } = require('chai'); const { JSDOM } = require('jsdom'); const MarkdownItKroki = require('../../index'); describe('# [Security-test] anti-injecttion for syntax.', () => { describe("## for alt", () => { it('* escape double quote', () => { const expected = 'this is a "test comment" test'; const md = new MarkdownIt(); md.use(MarkdownItKroki, { entrypoint: "https://kroki.io", marpAutoScaling: true, containerClass: "the-container" }); const result = md.render( '```graphviz [this is a "test comment" test]\r\n' + 'digraph G {Hello->World}\r\n' + '```\r\n' ); const dom = new JSDOM(result); const imgTag = dom.window.document.getElementsByTagName("embed")[0]; const actual = imgTag.getAttribute('title'); expect(actual).to.be.equal(expected); }) }) }); describe('# [Security-test] anti-injecttion for option.', () => { describe("## for entrypoint", () => { it('* deny invalid URL', () => { const testFunction = () => { const md = new MarkdownIt(); md.use(MarkdownItKroki, { entrypoint: "https://kroki.io\"> <script src=\"xxxx.js", marpAutoScaling: true, containerClass: "the-container" }); } expect(testFunction).to.throw(); }) }) describe("## for containerClass", () => { it('* throw when containerClass are not alpha, digit, or \"-\"', () => { const testFunction = () => { const md = new MarkdownIt(); md.use(MarkdownItKroki, { entrypoint: "https://kroki.io", marpAutoScaling: true, containerClass: "<container>" }); const result = md.render( '```graphviz [this is a test]\r\n' + 'digraph G {Hello->World}\r\n' + '```\r\n' ); }; expect(testFunction).to.throw(); }) }) describe("## for imageFormat", () => { it('* ignore invalid imageFormat', () => { const md = new MarkdownIt(); md.use(MarkdownItKroki, { entrypoint: "https://kroki.io", marpAutoScaling: true, containerClass: "the-container", imageFormat: "<injected>" }); const html = md.render( '```graphviz [this is a test]\r\n' + 'digraph G {Hello->World}\r\n' + '```\r\n' ); const dom = new JSDOM(html); const imgTag = dom.window.document.getElementsByTagName("embed")[0]; const actual = imgTag.getAttribute('src'); expect(actual).to.includes('/svg/'); }) }) });