36 lines
997 B
JavaScript
36 lines
997 B
JavaScript
// The Lucia project.
|
|
// Copyright 2026-2026 DSP, inc. All rights reserved.
|
|
// Authors:
|
|
// imacat.yang@dsp.im (imacat), 2026/03/06
|
|
|
|
import { describe, it, expect } from "vitest";
|
|
import { escapeHtml } from "@/utils/escapeHtml.js";
|
|
|
|
describe("escapeHtml", () => {
|
|
it("escapes ampersand", () => {
|
|
expect(escapeHtml("a&b")).toBe("a&b");
|
|
});
|
|
|
|
it("escapes angle brackets", () => {
|
|
expect(escapeHtml("<script>")).toBe("<script>");
|
|
});
|
|
|
|
it("escapes double quotes", () => {
|
|
expect(escapeHtml('"hello"')).toBe(""hello"");
|
|
});
|
|
|
|
it("escapes single quotes", () => {
|
|
expect(escapeHtml("it's")).toBe("it's");
|
|
});
|
|
|
|
it("escapes all special characters together", () => {
|
|
expect(escapeHtml('<img src="x" onerror="alert(\'XSS\')">')).toBe(
|
|
"<img src="x" onerror="alert('XSS')">",
|
|
);
|
|
});
|
|
|
|
it("returns plain text unchanged", () => {
|
|
expect(escapeHtml("hello world")).toBe("hello world");
|
|
});
|
|
});
|