1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
import { describe, it, expect } from "bun:test";
import { gcTick } from "./gc";
import { escapeHTML } from "bun";
describe("escapeHTML", () => {
// The matrix of cases we need to test for:
// 1. Works with short strings
// 2. Works with long strings
// 3. Works with latin1 strings
// 4. Works with utf16 strings
// 5. Works when the text to escape is somewhere in the middle
// 6. Works when the text to escape is in the beginning
// 7. Works when the text to escape is in the end
// 8. Returns the same string when there's no need to escape
it("works", () => {
expect(escapeHTML("absolutely nothing to do here")).toBe("absolutely nothing to do here");
expect(escapeHTML("<script>alert(1)</script>")).toBe("<script>alert(1)</script>");
expect(escapeHTML("<")).toBe("<");
expect(escapeHTML(">")).toBe(">");
expect(escapeHTML("&")).toBe("&");
expect(escapeHTML("'")).toBe("'");
expect(escapeHTML('"')).toBe(""");
expect(escapeHTML("\n")).toBe("\n");
expect(escapeHTML("\r")).toBe("\r");
expect(escapeHTML("\t")).toBe("\t");
expect(escapeHTML("\f")).toBe("\f");
expect(escapeHTML("\v")).toBe("\v");
expect(escapeHTML("\b")).toBe("\b");
expect(escapeHTML("\u00A0")).toBe("\u00A0");
expect(escapeHTML("<script>ab")).toBe("<script>ab");
expect(escapeHTML("<script>")).toBe("<script>");
expect(escapeHTML("<script><script>")).toBe("<script><script>");
expect(escapeHTML("lalala" + "<script>alert(1)</script>" + "lalala")).toBe(
"lalala<script>alert(1)</script>lalala",
);
expect(escapeHTML("<script>alert(1)</script>" + "lalala")).toBe("<script>alert(1)</script>lalala");
expect(escapeHTML("lalala" + "<script>alert(1)</script>")).toBe("lalala" + "<script>alert(1)</script>");
expect(escapeHTML("What does π mean?")).toBe("What does π mean?");
const output = escapeHTML("<What does π");
expect(output).toBe("<What does π");
expect(escapeHTML("<div>What does π mean in text?")).toBe("<div>What does π mean in text?");
expect(escapeHTML(("lalala" + "<script>alert(1)</script>" + "lalala").repeat(900))).toBe(
"lalala<script>alert(1)</script>lalala".repeat(900),
);
expect(escapeHTML(("<script>alert(1)</script>" + "lalala").repeat(900))).toBe(
"<script>alert(1)</script>lalala".repeat(900),
);
expect(escapeHTML(("lalala" + "<script>alert(1)</script>").repeat(900))).toBe(
("lalala" + "<script>alert(1)</script>").repeat(900),
);
// the positions of the unicode codepoint are important
// our simd code for U16 is at 8 bytes, so we need to especially check the boundaries
expect(escapeHTML("πlalala" + "<script>alert(1)</script>" + "lalala")).toBe(
"πlalala<script>alert(1)</script>lalala",
);
expect(escapeHTML("<script>πalert(1)</script>" + "lalala")).toBe("<script>πalert(1)</script>lalala");
expect(escapeHTML("<script>alert(1)π</script>" + "lalala")).toBe("<script>alert(1)π</script>lalala");
expect(escapeHTML("<script>alert(1)</script>" + "πlalala")).toBe("<script>alert(1)</script>πlalala");
expect(escapeHTML("<script>alert(1)</script>" + "lalπala")).toBe("<script>alert(1)</script>lalπala");
expect(escapeHTML("<script>alert(1)</script>" + "lalπala".repeat(10))).toBe(
"<script>alert(1)</script>" + "lalπala".repeat(10),
);
for (let i = 1; i < 10; i++)
expect(escapeHTML("<script>alert(1)</script>" + "laπ".repeat(i))).toBe(
"<script>alert(1)</script>" + "laπ".repeat(i),
);
expect(escapeHTML("laπ" + "<script>alert(1)</script>")).toBe("laπ" + "<script>alert(1)</script>");
expect(escapeHTML(("lalala" + "<script>alert(1)</script>π").repeat(1))).toBe(
("lalala" + "<script>alert(1)</script>π").repeat(1),
);
expect(escapeHTML("π".repeat(100))).toBe("π".repeat(100));
expect(escapeHTML("π<".repeat(100))).toBe("π<".repeat(100));
expect(escapeHTML("<π>".repeat(100))).toBe("<π>".repeat(100));
expect(escapeHTML("π")).toBe("π");
expect(escapeHTML("ππ")).toBe("ππ");
expect(escapeHTML("πlo")).toBe("πlo");
expect(escapeHTML("loπ")).toBe("loπ");
expect(escapeHTML(" ".repeat(32) + "π")).toBe(" ".repeat(32) + "π");
expect(escapeHTML(" ".repeat(32) + "ππ")).toBe(" ".repeat(32) + "ππ");
expect(escapeHTML(" ".repeat(32) + "πlo")).toBe(" ".repeat(32) + "πlo");
expect(escapeHTML(" ".repeat(32) + "loπ")).toBe(" ".repeat(32) + "loπ");
});
});
|
