From 9f640ffb51dc216e78af6ea5fa0eb8bc782e446b Mon Sep 17 00:00:00 2001
From: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
Date: Fri, 3 Jun 2022 18:49:12 -0700
Subject: impl #1
---
integration/bunjs-only-snippets/escapeHTML.test.js | 54 ++++++++++++++++++++++
1 file changed, 54 insertions(+)
create mode 100644 integration/bunjs-only-snippets/escapeHTML.test.js
(limited to 'integration/bunjs-only-snippets')
diff --git a/integration/bunjs-only-snippets/escapeHTML.test.js b/integration/bunjs-only-snippets/escapeHTML.test.js
new file mode 100644
index 000000000..ca0ff5a36
--- /dev/null
+++ b/integration/bunjs-only-snippets/escapeHTML.test.js
@@ -0,0 +1,54 @@
+import { describe, it, expect } from "bun:test";
+import { gcTick } from "./gc";
+
+describe("Bun.escapeHTML", () => {
+ it("works", () => {
+ expect(Bun.escapeHTML("")).toBe(
+ "<script>alert(1)</script>"
+ );
+ expect(Bun.escapeHTML("<")).toBe("<");
+ expect(Bun.escapeHTML(">")).toBe(">");
+ expect(Bun.escapeHTML("&")).toBe("&");
+ expect(Bun.escapeHTML("'")).toBe("'");
+ expect(Bun.escapeHTML('"')).toBe(""");
+ expect(Bun.escapeHTML("\n")).toBe("\n");
+ expect(Bun.escapeHTML("\r")).toBe("\r");
+ expect(Bun.escapeHTML("\t")).toBe("\t");
+ expect(Bun.escapeHTML("\f")).toBe("\f");
+ expect(Bun.escapeHTML("\v")).toBe("\v");
+ expect(Bun.escapeHTML("\b")).toBe("\b");
+ expect(Bun.escapeHTML("\u00A0")).toBe("\u00A0");
+
+ // The matrix of cases we need to test for:
+ // 1. Works with short strings
+ // 2. Works with long strings
+ // 3. Works with latin1 strings
+ // 4. Works with utf16 strings
+ // 5. Works when the text to escape is somewhere in the middle
+ // 6. Works when the text to escape is in the beginning
+ // 7. Works when the text to escape is in the end
+ // 8. Returns the same string when there's no need to escape
+ expect(
+ Bun.escapeHTML("lalala" + "" + "lalala")
+ ).toBe("lalala<script>alert(1)</script>lalala");
+
+ expect(Bun.escapeHTML("" + "lalala")).toBe(
+ "<script>alert(1)</script>lalala"
+ );
+ expect(Bun.escapeHTML("lalala" + "")).toBe(
+ "lalala" + "<script>alert(1)</script>"
+ );
+
+ expect(
+ Bun.escapeHTML(
+ ("lalala" + "" + "lalala").repeat(900)
+ )
+ ).toBe("lalala<script>alert(1)</script>lalala".repeat(900));
+ expect(
+ Bun.escapeHTML(("" + "lalala").repeat(900))
+ ).toBe("<script>alert(1)</script>lalala".repeat(900));
+ expect(
+ Bun.escapeHTML(("lalala" + "").repeat(900))
+ ).toBe(("lalala" + "<script>alert(1)</script>").repeat(900));
+ });
+});
--
cgit v1.2.3