impl #1

author: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com> 2022-06-03 18:49:12 -0700
committer: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com> 2022-06-03 18:49:12 -0700
commit: 9f640ffb51dc216e78af6ea5fa0eb8bc782e446b (patch)
tree: 19279f2f1b0d12ec3f2df651807201a76285cfd7 /integration/bunjs-only-snippets/escapeHTML.test.js
parent: af6859acc27265e5a0cbb3107953547c74de281b (diff)
download: bun-9f640ffb51dc216e78af6ea5fa0eb8bc782e446b.tar.gz
bun-9f640ffb51dc216e78af6ea5fa0eb8bc782e446b.tar.zst
bun-9f640ffb51dc216e78af6ea5fa0eb8bc782e446b.zip
1 files changed, 54 insertions, 0 deletions
diff --git a/integration/bunjs-only-snippets/escapeHTML.test.js b/integration/bunjs-only-snippets/escapeHTML.test.js
new file mode 100644
index 000000000..ca0ff5a36
--- /dev/null
+++ b/integration/bunjs-only-snippets/escapeHTML.test.js
@@ -0,0 +1,54 @@
+import { describe, it, expect } from "bun:test";
+import { gcTick } from "./gc";
+
+describe("Bun.escapeHTML", () => {
+  it("works", () => {
+    expect(Bun.escapeHTML("<script>alert(1)</script>")).toBe(
+      "&lt;script&gt;alert(1)&lt;/script&gt;"
+    );
+    expect(Bun.escapeHTML("<")).toBe("&lt;");
+    expect(Bun.escapeHTML(">")).toBe("&gt;");
+    expect(Bun.escapeHTML("&")).toBe("&amp;");
+    expect(Bun.escapeHTML("'")).toBe("&#x27;");
+    expect(Bun.escapeHTML('"')).toBe("&quot;");
+    expect(Bun.escapeHTML("\n")).toBe("\n");
+    expect(Bun.escapeHTML("\r")).toBe("\r");
+    expect(Bun.escapeHTML("\t")).toBe("\t");
+    expect(Bun.escapeHTML("\f")).toBe("\f");
+    expect(Bun.escapeHTML("\v")).toBe("\v");
+    expect(Bun.escapeHTML("\b")).toBe("\b");
+    expect(Bun.escapeHTML("\u00A0")).toBe("\u00A0");
+
+    // The matrix of cases we need to test for:
+    // 1. Works with short strings
+    // 2. Works with long strings
+    // 3. Works with latin1 strings
+    // 4. Works with utf16 strings
+    // 5. Works when the text to escape is somewhere in the middle
+    // 6. Works when the text to escape is in the beginning
+    // 7. Works when the text to escape is in the end
+    // 8. Returns the same string when there's no need to escape
+    expect(
+      Bun.escapeHTML("lalala" + "<script>alert(1)</script>" + "lalala")
+    ).toBe("lalala&lt;script&gt;alert(1)&lt;/script&gt;lalala");
+
+    expect(Bun.escapeHTML("<script>alert(1)</script>" + "lalala")).toBe(
+      "&lt;script&gt;alert(1)&lt;/script&gt;lalala"
+    );
+    expect(Bun.escapeHTML("lalala" + "<script>alert(1)</script>")).toBe(
+      "lalala" + "&lt;script&gt;alert(1)&lt;/script&gt;"
+    );
+
+    expect(
+      Bun.escapeHTML(
+        ("lalala" + "<script>alert(1)</script>" + "lalala").repeat(900)
+      )
+    ).toBe("lalala&lt;script&gt;alert(1)&lt;/script&gt;lalala".repeat(900));
+    expect(
+      Bun.escapeHTML(("<script>alert(1)</script>" + "lalala").repeat(900))
+    ).toBe("&lt;script&gt;alert(1)&lt;/script&gt;lalala".repeat(900));
+    expect(
+      Bun.escapeHTML(("lalala" + "<script>alert(1)</script>").repeat(900))
+    ).toBe(("lalala" + "&lt;script&gt;alert(1)&lt;/script&gt;").repeat(900));
+  });
+});
author	Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>	2022-06-03 18:49:12 -0700
committer	Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>	2022-06-03 18:49:12 -0700
commit	9f640ffb51dc216e78af6ea5fa0eb8bc782e446b (patch)
tree	19279f2f1b0d12ec3f2df651807201a76285cfd7 /integration/bunjs-only-snippets/escapeHTML.test.js
parent	af6859acc27265e5a0cbb3107953547c74de281b (diff)
download	bun-9f640ffb51dc216e78af6ea5fa0eb8bc782e446b.tar.gz bun-9f640ffb51dc216e78af6ea5fa0eb8bc782e446b.tar.zst bun-9f640ffb51dc216e78af6ea5fa0eb8bc782e446b.zip