const { test } = require("node:test"); const assert = require("node:assert"); const { sanitizeValue, sanitizeSelector } = require("../lib/sanitize"); test("sanitizeValue passes ordinary CSS values", () => { assert.equal(sanitizeValue("#ff0000"), "#ff0000"); assert.equal(sanitizeValue("1.5rem"), "1.5rem"); assert.equal(sanitizeValue("'Lato', sans-serif"), "'Lato', sans-serif"); }); test("sanitizeValue drops values that could escape their declaration", () => { const w = []; assert.equal(sanitizeValue("#fff}", w), null); // closes :root{} early assert.equal(sanitizeValue("red; }body{display:none", w), null); assert.equal(sanitizeValue("red/* comment", w), null); assert.equal(sanitizeValue("a", w), null); assert.ok(w.length >= 4, "each drop pushes a warning"); }); test("sanitizeValue drops over-length values and null", () => { assert.equal(sanitizeValue(null), null); assert.equal(sanitizeValue("x".repeat(5000)), null); }); test("sanitizeSelector allows conservative selectors, drops breakouts", () => { assert.equal(sanitizeSelector(".navbar"), ".navbar"); assert.equal(sanitizeSelector(".sidebar, #accordionSidebar"), ".sidebar, #accordionSidebar"); assert.equal(sanitizeSelector("a{color:red}"), null); assert.equal(sanitizeSelector("x;y"), null); });