test/xss.js

   1 const assert = require('assert');
   2 const XSS = require('../lib/xss');
   3
   4 describe('XSS', () => {
   5     describe('sanitizeHTML', () => {
   6         it('behaves consistently w.r.t. special chars used in emotes', () => {
   7             const input    = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
   8             const expected = '`^~=| _-,;:!?/."()[]{}@$*\\&amp;#%+á\t';
   9             assert.strictEqual(XSS.sanitizeHTML(input), expected);
  10         });
  11
  12         it('disallows iframes', () => {
  13             const input    = '<iframe src="https://example.com"></iframe>';
  14             const expected = '';
  15             assert.strictEqual(XSS.sanitizeHTML(input), expected);
  16         });
  17     });
  18 });