mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-18 04:27:02 +02:00
36 lines
1.3 KiB
JavaScript
36 lines
1.3 KiB
JavaScript
import { module, test } from 'qunit';
|
|
import { setupRenderingTest } from 'vault/tests/helpers';
|
|
import { render } from '@ember/test-helpers';
|
|
import { hbs } from 'ember-cli-htmlbars';
|
|
|
|
module('Integration | Helper | sanitized-html', function (hooks) {
|
|
setupRenderingTest(hooks);
|
|
|
|
test('it does not alter if string is safe', async function (assert) {
|
|
this.set('inputValue', 'height: 15.33px');
|
|
|
|
await render(hbs`{{sanitized-html this.inputValue}}`);
|
|
assert.dom(this.element).hasText('height: 15.33px');
|
|
});
|
|
|
|
test('it strips unsafe HTML before rendering safe HTML', async function (assert) {
|
|
this.set(
|
|
'inputValue',
|
|
'<main data-test-thing>This is something<script data-test-script>window.alert(`h4cK3d`)</script></main>'
|
|
);
|
|
|
|
await render(hbs`{{sanitized-html this.inputValue}}`);
|
|
assert.dom('[data-test-thing]').hasTagName('main');
|
|
assert.dom('[data-test-thing]').hasText('This is something', 'preserves non-problematic content');
|
|
assert.dom('[data-test-script]').doesNotExist('Script is stripped from render');
|
|
});
|
|
|
|
test('it does not invoke functions passed as value', async function (assert) {
|
|
this.set('inputValue', () => {
|
|
window.alert('h4cK3d');
|
|
});
|
|
await render(hbs`{{sanitized-html this.inputValue}}`);
|
|
assert.dom(this.element).hasText("() => { window.alert('h4cK3d'); }");
|
|
});
|
|
});
|