synapse-react-client
import r from "xss";
import { JSDOM as i } from "jsdom";
import { sanitize as c, xssOptions as a } from "./SanitizeHtmlUtils.js";
/**
 * Parses an HTML string with JSDOM and returns the root element of the
 * resulting document, so tests can query the sanitized markup as a DOM tree
 * instead of matching on raw strings.
 *
 * JSDOM is constructed with its default options here; per jsdom's
 * documentation, scripts in the parsed markup are not executed unless
 * `runScripts` is set, so parsing a test payload does not run it.
 *
 * @param {string} t - HTML markup to parse.
 * @returns {Element} The `documentElement` of the parsed document.
 */
function s(t) {
  const { window } = new i(t);
  const { document } = window;
  return document.documentElement;
}
/**
 * Registers the Jest suite "HTML Sanitization - DOMPurify".
 *
 * Every case passes markup through `sanitize` (imported from
 * ./SanitizeHtmlUtils.js), and the attribute cases re-parse the result with
 * JSDOM before asserting on the element. The suite covers inline event
 * handlers, a `javascript:` link target, attributes that must survive
 * (`href`, `rel`), and the style allow-list on table cells.
 *
 * Relies on the Jest globals `describe`, `test` and `expect`.
 */
function d() {
  describe("HTML Sanitization - DOMPurify", () => {
    // Sanitize, re-parse, and return the first element matching the selector.
    const sanitizeAndFind = (markup, selector) => {
      const cleaned = c(markup);
      return s(cleaned).querySelector(selector);
    };

    test("Prevents XSS through onload", () => {
      // NOTE(review): the inner single quotes end the attribute value early, so
      // an HTML parser reads onload as "alert(" followed by stray tokens. The
      // assertion still proves that no onload attribute survives, but a variant
      // with a well-formed, double-quoted handler would make the case stricter.
      const span = sanitizeAndFind("<span onload='alert('XSS')'>foo</span>", "span");
      expect(span).not.toBeNull();
      expect(span.getAttribute("onload")).toBeNull();
    });

    test("Prevents XSS through onclick", () => {
      // Same quoting caveat as the onload case applies to this payload.
      const span = sanitizeAndFind("<span onclick='alert('XSS')'>foo</span>", "span");
      expect(span).not.toBeNull();
      expect(span.getAttribute("onclick")).toBeNull();
    });

    test("Prevents XSS through href", () => {
      // The element must be kept while the attribute is dropped entirely (null).
      // Only the plain lower-case `javascript:` form is exercised here; case and
      // encoding variants are not covered by this suite.
      const anchor = sanitizeAndFind('<a href="javascript:alert(1)">foo</a>', "a");
      expect(anchor).not.toBeNull();
      expect(anchor.getAttribute("href")).toBeNull();
    });

    test("Allows valid link href", () => {
      const url = "https://synapse.org";
      const anchor = sanitizeAndFind(`<a href="${url}">foo</a>`, "a");
      expect(anchor).not.toBeNull();
      expect(anchor.getAttribute("href")).toEqual(url);
    });

    test("Allows link rel property", () => {
      const url = "https://synapse.org";
      const relValue = "noopener noreferrer";
      const anchor = sanitizeAndFind(`<a href="${url}" rel="${relValue}">foo</a>`, "a");
      expect(anchor).not.toBeNull();
      expect(anchor.getAttribute("href")).toEqual(url);
      expect(anchor.getAttribute("rel")).toEqual(relValue);
    });

    describe.each(["td", "th"])("%s cell text alignment", (cellTag) => {
      test(`Allows ${cellTag} with text-align style`, () => {
        // An allowed declaration must come back unchanged.
        const markup = `<table><tbody><tr><${cellTag} style="text-align:center">foo</${cellTag}></tr></tbody></table>`;
        const expected = markup;
        const actual = c(markup);
        expect(actual).toEqual(expected);
      });

      test(`Removes styles other than text-align from ${cellTag}`, () => {
        // `position: absolute` is expected to be stripped, leaving only text-align.
        const markup = `<table><tbody><tr><${cellTag} style="text-align:center; position: absolute;">foo</${cellTag}></tr></tbody></table>`;
        const expected = `<table><tbody><tr><${cellTag} style="text-align:center">foo</${cellTag}></tr></tbody></table>`;
        const actual = c(markup);
        expect(actual).toEqual(expected);
      });
    });
  });
}
/**
 * Registers the Jest suite "HTML Sanitization - xss (legacy)".
 *
 * Every case filters markup with the `xss` package using `xssOptions`
 * (imported from ./SanitizeHtmlUtils.js), and the attribute cases re-parse the
 * result with JSDOM before asserting on the element. The suite covers inline
 * event handlers, a `javascript:` link target, attributes that must survive
 * (`href`, `rel`), and the style allow-list on table cells.
 *
 * Relies on the Jest globals `describe`, `test` and `expect`.
 */
function f() {
  describe("HTML Sanitization - xss (legacy)", () => {
    // Filter with the legacy options, re-parse, and return the first match.
    const filterAndFind = (markup, selector) => {
      const cleaned = r(markup, a);
      return s(cleaned).querySelector(selector);
    };

    test("Prevents XSS through onload", () => {
      // NOTE(review): the inner single quotes end the attribute value early, so
      // an HTML parser reads onload as "alert(" followed by stray tokens. The
      // assertion still proves that no onload attribute survives, but a variant
      // with a well-formed, double-quoted handler would make the case stricter.
      const span = filterAndFind("<span onload='alert('XSS')'>foo</span>", "span");
      expect(span).not.toBeNull();
      expect(span.getAttribute("onload")).toBeNull();
    });

    test("Prevents XSS through onclick", () => {
      // Same quoting caveat as the onload case applies to this payload.
      const span = filterAndFind("<span onclick='alert('XSS')'>foo</span>", "span");
      expect(span).not.toBeNull();
      expect(span.getAttribute("onclick")).toBeNull();
    });

    test("Prevents XSS through href", () => {
      // This suite expects the href attribute to remain with an empty value ("")
      // rather than be removed. Only the plain lower-case `javascript:` form is
      // exercised here; case and encoding variants are not covered by this suite.
      const anchor = filterAndFind('<a href="javascript:alert(1)">foo</a>', "a");
      expect(anchor).not.toBeNull();
      expect(anchor.getAttribute("href")).toEqual("");
    });

    test("Allows valid link href", () => {
      const url = "https://synapse.org";
      const anchor = filterAndFind(`<a href="${url}">foo</a>`, "a");
      expect(anchor).not.toBeNull();
      expect(anchor.getAttribute("href")).toEqual(url);
    });

    test("Allows link rel property", () => {
      const url = "https://synapse.org";
      const relValue = "noopener noreferrer";
      const anchor = filterAndFind(`<a href="${url}" rel="${relValue}">foo</a>`, "a");
      expect(anchor).not.toBeNull();
      expect(anchor.getAttribute("href")).toEqual(url);
      expect(anchor.getAttribute("rel")).toEqual(relValue);
    });

    describe.each(["td", "th"])("%s cell text alignment", (cellTag) => {
      test(`Allows ${cellTag} with text-align style`, () => {
        // An allowed declaration must come back unchanged, trailing semicolon included.
        const markup = `<table><tbody><tr><${cellTag} style="text-align:center;">foo</${cellTag}></tr></tbody></table>`;
        const expected = markup;
        const actual = r(markup, a);
        expect(actual).toEqual(expected);
      });

      test(`Removes styles other than text-align from ${cellTag}`, () => {
        // `position: absolute` is expected to be stripped, leaving only text-align.
        const markup = `<table><tbody><tr><${cellTag} style="text-align:center; position: absolute;">foo</${cellTag}></tr></tbody></table>`;
        const expected = `<table><tbody><tr><${cellTag} style="text-align:center;">foo</${cellTag}></tr></tbody></table>`;
        const actual = r(markup, a);
        expect(actual).toEqual(expected);
      });
    });
  });
}
export {
d as runDomPurifyTests,
f as runXssTests
};
//# sourceMappingURL=SanitizeHtmlUtils.test-utils.js.map