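import { describe, it, expect } from "bun:test";
import { gcTick } from "./gc";
import { escapeHTML } from "bun";

/**
 * Tests for `escapeHTML` from "bun".
 *
 * The assertions pin the output encoding of the five HTML-significant
 * characters:
 *
 *   &  ->  &amp;     <  ->  &lt;     >  ->  &gt;
 *   "  ->  &quot;    '  ->  &#x27;
 *
 * Every other character (whitespace, control characters, NBSP, astral-plane
 * code points) must pass through unchanged.
 *
 * Security notes for maintainers:
 * - The expected strings must stay as literal entity text. If this file is
 *   ever round-tripped through an HTML renderer, the entities get decoded and
 *   markup-looking inputs get stripped, which turns the assertions into
 *   `escapeHTML("<") === "<"`, i.e. a test that passes only when escaping is
 *   broken.
 * - Encoding these five characters targets HTML text nodes and quoted
 *   attribute values. Other sinks (unquoted attributes, script/style bodies,
 *   URLs) need their own context-specific encoding.
 *
 * NOTE(review): the `<script>`/`<div>` inputs and the entity-encoded
 * expectations below were restored by pairing each call with its expected
 * value; confirm against the upstream copy of this file.
 */
describe("escapeHTML", () => {
  // The matrix of cases we need to test for:
  // 1. Works with short strings
  // 2. Works with long strings
  // 3. Works with latin1 strings
  // 4. Works with utf16 strings
  // 5. Works when the text to escape is somewhere in the middle
  // 6. Works when the text to escape is in the beginning
  // 7. Works when the text to escape is in the end
  // 8. Returns the same string when there's no need to escape
  it("works", () => {
    // Nothing to escape: the input comes back unchanged.
    expect(escapeHTML("absolutely nothing to do here")).toBe(
      "absolutely nothing to do here"
    );

    // Whole string is markup.
    expect(escapeHTML("<script>alert(1)</script>")).toBe(
      "&lt;script&gt;alert(1)&lt;/script&gt;"
    );

    // Each significant character on its own.
    expect(escapeHTML("<")).toBe("&lt;");
    expect(escapeHTML(">")).toBe("&gt;");
    expect(escapeHTML("&")).toBe("&amp;");
    expect(escapeHTML("'")).toBe("&#x27;");
    expect(escapeHTML('"')).toBe("&quot;");

    // Whitespace and control characters are not HTML-significant.
    expect(escapeHTML("\n")).toBe("\n");
    expect(escapeHTML("\r")).toBe("\r");
    expect(escapeHTML("\t")).toBe("\t");
    expect(escapeHTML("\f")).toBe("\f");
    expect(escapeHTML("\v")).toBe("\v");
    expect(escapeHTML("\b")).toBe("\b");
    expect(escapeHTML("\u00A0")).toBe("\u00A0");

    // Short latin1 strings: markup in the middle, at the beginning, at the end.
    expect(escapeHTML("lalala" + "<script>alert(1)</script>" + "lalala")).toBe(
      "lalala&lt;script&gt;alert(1)&lt;/script&gt;lalala"
    );
    expect(escapeHTML("<script>alert(1)</script>" + "lalala")).toBe(
      "&lt;script&gt;alert(1)&lt;/script&gt;lalala"
    );
    expect(escapeHTML("lalala" + "<script>alert(1)</script>")).toBe(
      "lalala" + "&lt;script&gt;alert(1)&lt;/script&gt;"
    );

    // UTF-16 strings: with nothing to escape, then with leading markup.
    expect(escapeHTML("What does 😊 mean?")).toBe("What does 😊 mean?");
    const output = escapeHTML("<div>What does 😊 mean in text?");
    expect(output).toBe("&lt;div&gt;What does 😊 mean in text?");

    // Long latin1 strings: same three positions, repeated 900 times.
    expect(
      escapeHTML(
        ("lalala" + "<script>alert(1)</script>" + "lalala").repeat(900)
      )
    ).toBe("lalala&lt;script&gt;alert(1)&lt;/script&gt;lalala".repeat(900));
    expect(
      escapeHTML(("<script>alert(1)</script>" + "lalala").repeat(900))
    ).toBe("&lt;script&gt;alert(1)&lt;/script&gt;lalala".repeat(900));
    expect(
      escapeHTML(("lalala" + "<script>alert(1)</script>").repeat(900))
    ).toBe(("lalala" + "&lt;script&gt;alert(1)&lt;/script&gt;").repeat(900));

    // the positions of the unicode codepoint are important
    // our simd code for U16 is at 8 bytes, so we need to especially check the boundaries
    expect(
      escapeHTML("😊lalala" + "<script>alert(1)</script>" + "lalala")
    ).toBe("😊lalala&lt;script&gt;alert(1)&lt;/script&gt;lalala");
    expect(escapeHTML("<script>😊alert(1)</script>" + "lalala")).toBe(
      "&lt;script&gt;😊alert(1)&lt;/script&gt;lalala"
    );
    expect(escapeHTML("<script>alert(1)😊</script>" + "lalala")).toBe(
      "&lt;script&gt;alert(1)😊&lt;/script&gt;lalala"
    );
    expect(escapeHTML("<script>alert(1)</script>" + "😊lalala")).toBe(
      "&lt;script&gt;alert(1)&lt;/script&gt;😊lalala"
    );
    expect(escapeHTML("<script>alert(1)</script>" + "lal😊ala")).toBe(
      "&lt;script&gt;alert(1)&lt;/script&gt;lal😊ala"
    );
    expect(
      escapeHTML("<script>alert(1)</script>" + "lal😊ala".repeat(10))
    ).toBe("&lt;script&gt;alert(1)&lt;/script&gt;" + "lal😊ala".repeat(10));

    // Slide the tail length so the surrogate pairs land on different offsets.
    for (let i = 1; i < 10; i++) {
      expect(
        escapeHTML("<script>alert(1)</script>" + "la😊".repeat(i))
      ).toBe("&lt;script&gt;alert(1)&lt;/script&gt;" + "la😊".repeat(i));
    }

    expect(escapeHTML("la😊" + "<script>alert(1)</script>")).toBe(
      "la😊" + "&lt;script&gt;alert(1)&lt;/script&gt;"
    );
    expect(
      escapeHTML(("lalala" + "<script>alert(1)</script>😊").repeat(1))
    ).toBe(("lalala" + "&lt;script&gt;alert(1)&lt;/script&gt;😊").repeat(1));

    // Astral-only input is untouched; brackets next to surrogate pairs are
    // still escaped.
    expect(escapeHTML("😊".repeat(100))).toBe("😊".repeat(100));
    expect(escapeHTML("😊<".repeat(100))).toBe("😊&lt;".repeat(100));
    expect(escapeHTML("<😊>".repeat(100))).toBe("&lt;😊&gt;".repeat(100));
  });
});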