aboutsummaryrefslogtreecommitdiff
path: root/test/bun.js/escapeHTML.test.js
diff options
context:
space:
mode:
Diffstat (limited to 'test/bun.js/escapeHTML.test.js')
-rw-r--r--test/bun.js/escapeHTML.test.js72
1 files changed, 25 insertions, 47 deletions
diff --git a/test/bun.js/escapeHTML.test.js b/test/bun.js/escapeHTML.test.js
index af119c6e3..f96849a84 100644
--- a/test/bun.js/escapeHTML.test.js
+++ b/test/bun.js/escapeHTML.test.js
@@ -13,12 +13,8 @@ describe("escapeHTML", () => {
// 7. Works when the text to escape is in the end
// 8. Returns the same string when there's no need to escape
it("works", () => {
- expect(escapeHTML("absolutely nothing to do here")).toBe(
- "absolutely nothing to do here",
- );
- expect(escapeHTML("<script>alert(1)</script>")).toBe(
- "&lt;script&gt;alert(1)&lt;/script&gt;",
- );
+ expect(escapeHTML("absolutely nothing to do here")).toBe("absolutely nothing to do here");
+ expect(escapeHTML("<script>alert(1)</script>")).toBe("&lt;script&gt;alert(1)&lt;/script&gt;");
expect(escapeHTML("<")).toBe("&lt;");
expect(escapeHTML(">")).toBe("&gt;");
expect(escapeHTML("&")).toBe("&amp;");
@@ -39,64 +35,46 @@ describe("escapeHTML", () => {
"lalala&lt;script&gt;alert(1)&lt;/script&gt;lalala",
);
- expect(escapeHTML("<script>alert(1)</script>" + "lalala")).toBe(
- "&lt;script&gt;alert(1)&lt;/script&gt;lalala",
- );
- expect(escapeHTML("lalala" + "<script>alert(1)</script>")).toBe(
- "lalala" + "&lt;script&gt;alert(1)&lt;/script&gt;",
- );
+ expect(escapeHTML("<script>alert(1)</script>" + "lalala")).toBe("&lt;script&gt;alert(1)&lt;/script&gt;lalala");
+ expect(escapeHTML("lalala" + "<script>alert(1)</script>")).toBe("lalala" + "&lt;script&gt;alert(1)&lt;/script&gt;");
expect(escapeHTML("What does ๐Ÿ˜Š mean?")).toBe("What does ๐Ÿ˜Š mean?");
const output = escapeHTML("<What does ๐Ÿ˜Š");
expect(output).toBe("&lt;What does ๐Ÿ˜Š");
- expect(escapeHTML("<div>What does ๐Ÿ˜Š mean in text?")).toBe(
- "&lt;div&gt;What does ๐Ÿ˜Š mean in text?",
- );
+ expect(escapeHTML("<div>What does ๐Ÿ˜Š mean in text?")).toBe("&lt;div&gt;What does ๐Ÿ˜Š mean in text?");
- expect(
- escapeHTML(
- ("lalala" + "<script>alert(1)</script>" + "lalala").repeat(900),
- ),
- ).toBe("lalala&lt;script&gt;alert(1)&lt;/script&gt;lalala".repeat(900));
- expect(
- escapeHTML(("<script>alert(1)</script>" + "lalala").repeat(900)),
- ).toBe("&lt;script&gt;alert(1)&lt;/script&gt;lalala".repeat(900));
- expect(
- escapeHTML(("lalala" + "<script>alert(1)</script>").repeat(900)),
- ).toBe(("lalala" + "&lt;script&gt;alert(1)&lt;/script&gt;").repeat(900));
+ expect(escapeHTML(("lalala" + "<script>alert(1)</script>" + "lalala").repeat(900))).toBe(
+ "lalala&lt;script&gt;alert(1)&lt;/script&gt;lalala".repeat(900),
+ );
+ expect(escapeHTML(("<script>alert(1)</script>" + "lalala").repeat(900))).toBe(
+ "&lt;script&gt;alert(1)&lt;/script&gt;lalala".repeat(900),
+ );
+ expect(escapeHTML(("lalala" + "<script>alert(1)</script>").repeat(900))).toBe(
+ ("lalala" + "&lt;script&gt;alert(1)&lt;/script&gt;").repeat(900),
+ );
// the positions of the unicode codepoint are important
// our simd code for U16 is at 8 bytes, so we need to especially check the boundaries
- expect(
- escapeHTML("๐Ÿ˜Šlalala" + "<script>alert(1)</script>" + "lalala"),
- ).toBe("๐Ÿ˜Šlalala&lt;script&gt;alert(1)&lt;/script&gt;lalala");
- expect(escapeHTML("<script>๐Ÿ˜Šalert(1)</script>" + "lalala")).toBe(
- "&lt;script&gt;๐Ÿ˜Šalert(1)&lt;/script&gt;lalala",
- );
- expect(escapeHTML("<script>alert(1)๐Ÿ˜Š</script>" + "lalala")).toBe(
- "&lt;script&gt;alert(1)๐Ÿ˜Š&lt;/script&gt;lalala",
- );
- expect(escapeHTML("<script>alert(1)</script>" + "๐Ÿ˜Šlalala")).toBe(
- "&lt;script&gt;alert(1)&lt;/script&gt;๐Ÿ˜Šlalala",
+ expect(escapeHTML("๐Ÿ˜Šlalala" + "<script>alert(1)</script>" + "lalala")).toBe(
+ "๐Ÿ˜Šlalala&lt;script&gt;alert(1)&lt;/script&gt;lalala",
);
- expect(escapeHTML("<script>alert(1)</script>" + "lal๐Ÿ˜Šala")).toBe(
- "&lt;script&gt;alert(1)&lt;/script&gt;lal๐Ÿ˜Šala",
+ expect(escapeHTML("<script>๐Ÿ˜Šalert(1)</script>" + "lalala")).toBe("&lt;script&gt;๐Ÿ˜Šalert(1)&lt;/script&gt;lalala");
+ expect(escapeHTML("<script>alert(1)๐Ÿ˜Š</script>" + "lalala")).toBe("&lt;script&gt;alert(1)๐Ÿ˜Š&lt;/script&gt;lalala");
+ expect(escapeHTML("<script>alert(1)</script>" + "๐Ÿ˜Šlalala")).toBe("&lt;script&gt;alert(1)&lt;/script&gt;๐Ÿ˜Šlalala");
+ expect(escapeHTML("<script>alert(1)</script>" + "lal๐Ÿ˜Šala")).toBe("&lt;script&gt;alert(1)&lt;/script&gt;lal๐Ÿ˜Šala");
+ expect(escapeHTML("<script>alert(1)</script>" + "lal๐Ÿ˜Šala".repeat(10))).toBe(
+ "&lt;script&gt;alert(1)&lt;/script&gt;" + "lal๐Ÿ˜Šala".repeat(10),
);
- expect(
- escapeHTML("<script>alert(1)</script>" + "lal๐Ÿ˜Šala".repeat(10)),
- ).toBe("&lt;script&gt;alert(1)&lt;/script&gt;" + "lal๐Ÿ˜Šala".repeat(10));
for (let i = 1; i < 10; i++)
expect(escapeHTML("<script>alert(1)</script>" + "la๐Ÿ˜Š".repeat(i))).toBe(
"&lt;script&gt;alert(1)&lt;/script&gt;" + "la๐Ÿ˜Š".repeat(i),
);
- expect(escapeHTML("la๐Ÿ˜Š" + "<script>alert(1)</script>")).toBe(
- "la๐Ÿ˜Š" + "&lt;script&gt;alert(1)&lt;/script&gt;",
+ expect(escapeHTML("la๐Ÿ˜Š" + "<script>alert(1)</script>")).toBe("la๐Ÿ˜Š" + "&lt;script&gt;alert(1)&lt;/script&gt;");
+ expect(escapeHTML(("lalala" + "<script>alert(1)</script>๐Ÿ˜Š").repeat(1))).toBe(
+ ("lalala" + "&lt;script&gt;alert(1)&lt;/script&gt;๐Ÿ˜Š").repeat(1),
);
- expect(
- escapeHTML(("lalala" + "<script>alert(1)</script>๐Ÿ˜Š").repeat(1)),
- ).toBe(("lalala" + "&lt;script&gt;alert(1)&lt;/script&gt;๐Ÿ˜Š").repeat(1));
expect(escapeHTML("๐Ÿ˜Š".repeat(100))).toBe("๐Ÿ˜Š".repeat(100));
expect(escapeHTML("๐Ÿ˜Š<".repeat(100))).toBe("๐Ÿ˜Š&lt;".repeat(100));
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-28 03:51:29 +0000