From 729d445b6885f69dd2c6355f38707bd42851c791 Mon Sep 17 00:00:00 2001 From: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com> Date: Wed, 22 Jun 2022 23:21:48 -0700 Subject: change the directory structure --- test/bun.js/escapeHTML.test.js | 105 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 test/bun.js/escapeHTML.test.js (limited to 'test/bun.js/escapeHTML.test.js') diff --git a/test/bun.js/escapeHTML.test.js b/test/bun.js/escapeHTML.test.js new file mode 100644 index 000000000..ecfcc5e7c --- /dev/null +++ b/test/bun.js/escapeHTML.test.js @@ -0,0 +1,105 @@ +import { describe, it, expect } from "bun:test"; +import { gcTick } from "./gc"; +import { escapeHTML } from "bun"; + +describe("escapeHTML", () => { + // The matrix of cases we need to test for: + // 1. Works with short strings + // 2. Works with long strings + // 3. Works with latin1 strings + // 4. Works with utf16 strings + // 5. Works when the text to escape is somewhere in the middle + // 6. Works when the text to escape is in the beginning + // 7. Works when the text to escape is in the end + // 8. Returns the same string when there's no need to escape + it("works", () => { + expect(escapeHTML("absolutely nothing to do here")).toBe( + "absolutely nothing to do here" + ); + expect(escapeHTML("")).toBe( + "<script>alert(1)</script>" + ); + expect(escapeHTML("<")).toBe("<"); + expect(escapeHTML(">")).toBe(">"); + expect(escapeHTML("&")).toBe("&"); + expect(escapeHTML("'")).toBe("'"); + expect(escapeHTML('"')).toBe("""); + expect(escapeHTML("\n")).toBe("\n"); + expect(escapeHTML("\r")).toBe("\r"); + expect(escapeHTML("\t")).toBe("\t"); + expect(escapeHTML("\f")).toBe("\f"); + expect(escapeHTML("\v")).toBe("\v"); + expect(escapeHTML("\b")).toBe("\b"); + expect(escapeHTML("\u00A0")).toBe("\u00A0"); + expect(escapeHTML("" + "lalala")).toBe( + "lalala<script>alert(1)</script>lalala" + ); + + expect(escapeHTML("" + "lalala")).toBe( + "<script>alert(1)</script>lalala" + ); + expect(escapeHTML("lalala" + "")).toBe( + "lalala" + "<script>alert(1)</script>" + ); + + expect(escapeHTML("What does ๐Ÿ˜Š mean?")).toBe("What does ๐Ÿ˜Š mean?"); + const output = escapeHTML("What does ๐Ÿ˜Š mean in text?")).toBe( + "<div>What does ๐Ÿ˜Š mean in text?" + ); + + expect( + escapeHTML( + ("lalala" + "" + "lalala").repeat(900) + ) + ).toBe("lalala<script>alert(1)</script>lalala".repeat(900)); + expect( + escapeHTML(("" + "lalala").repeat(900)) + ).toBe("<script>alert(1)</script>lalala".repeat(900)); + expect( + escapeHTML(("lalala" + "").repeat(900)) + ).toBe(("lalala" + "<script>alert(1)</script>").repeat(900)); + + // the positions of the unicode codepoint are important + // our simd code for U16 is at 8 bytes, so we need to especially check the boundaries + expect( + escapeHTML("๐Ÿ˜Šlalala" + "" + "lalala") + ).toBe("๐Ÿ˜Šlalala<script>alert(1)</script>lalala"); + expect(escapeHTML("" + "lalala")).toBe( + "<script>๐Ÿ˜Šalert(1)</script>lalala" + ); + expect(escapeHTML("" + "lalala")).toBe( + "<script>alert(1)๐Ÿ˜Š</script>lalala" + ); + expect(escapeHTML("" + "๐Ÿ˜Šlalala")).toBe( + "<script>alert(1)</script>๐Ÿ˜Šlalala" + ); + expect(escapeHTML("" + "lal๐Ÿ˜Šala")).toBe( + "<script>alert(1)</script>lal๐Ÿ˜Šala" + ); + expect( + escapeHTML("" + "lal๐Ÿ˜Šala".repeat(10)) + ).toBe("<script>alert(1)</script>" + "lal๐Ÿ˜Šala".repeat(10)); + + for (let i = 1; i < 10; i++) + expect(escapeHTML("" + "la๐Ÿ˜Š".repeat(i))).toBe( + "<script>alert(1)</script>" + "la๐Ÿ˜Š".repeat(i) + ); + + expect(escapeHTML("la๐Ÿ˜Š" + "")).toBe( + "la๐Ÿ˜Š" + "<script>alert(1)</script>" + ); + expect( + escapeHTML(("lalala" + "๐Ÿ˜Š").repeat(1)) + ).toBe(("lalala" + "<script>alert(1)</script>๐Ÿ˜Š").repeat(1)); + + expect(escapeHTML("๐Ÿ˜Š".repeat(100))).toBe("๐Ÿ˜Š".repeat(100)); + expect(escapeHTML("๐Ÿ˜Š<".repeat(100))).toBe("๐Ÿ˜Š<".repeat(100)); + expect(escapeHTML("<๐Ÿ˜Š>".repeat(100))).toBe("<๐Ÿ˜Š>".repeat(100)); + }); +}); -- cgit v1.2.3