diff options
Diffstat (limited to 'integration/bunjs-only-snippets/escapeHTML.test.js')
| -rw-r--r-- | integration/bunjs-only-snippets/escapeHTML.test.js | 68 |
1 files changed, 59 insertions, 9 deletions
diff --git a/integration/bunjs-only-snippets/escapeHTML.test.js b/integration/bunjs-only-snippets/escapeHTML.test.js index 13ff138c9..6c709bf76 100644 --- a/integration/bunjs-only-snippets/escapeHTML.test.js +++ b/integration/bunjs-only-snippets/escapeHTML.test.js @@ -2,7 +2,19 @@ import { describe, it, expect } from "bun:test"; import { gcTick } from "./gc"; describe("escapeHTML", () => { + // The matrix of cases we need to test for: + // 1. Works with short strings + // 2. Works with long strings + // 3. Works with latin1 strings + // 4. Works with utf16 strings + // 5. Works when the text to escape is somewhere in the middle + // 6. Works when the text to escape is in the beginning + // 7. Works when the text to escape is in the end + // 8. Returns the same string when there's no need to escape it("works", () => { + expect(escapeHTML("absolutely nothing to do here")).toBe( + "absolutely nothing to do here" + ); expect(escapeHTML("<script>alert(1)</script>")).toBe( "<script>alert(1)</script>" ); @@ -18,16 +30,10 @@ describe("escapeHTML", () => { expect(escapeHTML("\v")).toBe("\v"); expect(escapeHTML("\b")).toBe("\b"); expect(escapeHTML("\u00A0")).toBe("\u00A0"); + expect(escapeHTML("<script>ab")).toBe("<script>ab"); + expect(escapeHTML("<script>")).toBe("<script>"); + expect(escapeHTML("<script><script>")).toBe("<script><script>"); - // The matrix of cases we need to test for: - // 1. Works with short strings - // 2. Works with long strings - // 3. Works with latin1 strings - // 4. Works with utf16 strings - // 5. Works when the text to escape is somewhere in the middle - // 6. Works when the text to escape is in the beginning - // 7. Works when the text to escape is in the end - // 8. Returns the same string when there's no need to escape expect(escapeHTML("lalala" + "<script>alert(1)</script>" + "lalala")).toBe( "lalala<script>alert(1)</script>lalala" ); @@ -39,6 +45,13 @@ describe("escapeHTML", () => { "lalala" + "<script>alert(1)</script>" ); + expect(escapeHTML("What does ๐ mean?")).toBe("What does ๐ mean?"); + const output = escapeHTML("<What does ๐"); + expect(output).toBe("<What does ๐"); + expect(escapeHTML("<div>What does ๐ mean in text?")).toBe( + "<div>What does ๐ mean in text?" + ); + expect( escapeHTML( ("lalala" + "<script>alert(1)</script>" + "lalala").repeat(900) @@ -50,5 +63,42 @@ describe("escapeHTML", () => { expect( escapeHTML(("lalala" + "<script>alert(1)</script>").repeat(900)) ).toBe(("lalala" + "<script>alert(1)</script>").repeat(900)); + + // the positions of the unicode codepoint are important + // our simd code for U16 is at 8 bytes, so we need to especially check the boundaries + expect( + escapeHTML("๐lalala" + "<script>alert(1)</script>" + "lalala") + ).toBe("๐lalala<script>alert(1)</script>lalala"); + expect(escapeHTML("<script>๐alert(1)</script>" + "lalala")).toBe( + "<script>๐alert(1)</script>lalala" + ); + expect(escapeHTML("<script>alert(1)๐</script>" + "lalala")).toBe( + "<script>alert(1)๐</script>lalala" + ); + expect(escapeHTML("<script>alert(1)</script>" + "๐lalala")).toBe( + "<script>alert(1)</script>๐lalala" + ); + expect(escapeHTML("<script>alert(1)</script>" + "lal๐ala")).toBe( + "<script>alert(1)</script>lal๐ala" + ); + expect( + escapeHTML("<script>alert(1)</script>" + "lal๐ala".repeat(10)) + ).toBe("<script>alert(1)</script>" + "lal๐ala".repeat(10)); + + for (let i = 1; i < 10; i++) + expect(escapeHTML("<script>alert(1)</script>" + "la๐".repeat(i))).toBe( + "<script>alert(1)</script>" + "la๐".repeat(i) + ); + + expect(escapeHTML("la๐" + "<script>alert(1)</script>")).toBe( + "la๐" + "<script>alert(1)</script>" + ); + expect( + escapeHTML(("lalala" + "<script>alert(1)</script>๐").repeat(1)) + ).toBe(("lalala" + "<script>alert(1)</script>๐").repeat(1)); + + expect(escapeHTML("๐".repeat(100))).toBe("๐".repeat(100)); + expect(escapeHTML("๐<".repeat(100))).toBe("๐<".repeat(100)); + expect(escapeHTML("<๐>".repeat(100))).toBe("<๐>".repeat(100)); }); }); |