const { test } = require("node:test");
const assert = require("node:assert");
const { sanitizeValue, sanitizeSelector } = require("../lib/sanitize");
// Baseline case: benign CSS values must come back unchanged, so the filter
// is shown not to reject legitimate input along with hostile input.
test("sanitizeValue passes ordinary CSS values", () => {
  // A hex colour, a length with a unit, and a font list. The font list
  // carries quotes, a comma and a space, which must all survive.
  const benignValues = ["#ff0000", "1.5rem", "'Lato', sans-serif"];

  for (const value of benignValues) {
    // The expected output is the input itself.
    assert.equal(sanitizeValue(value), value);
  }
});
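// Negative cases: every payload below contains a token that would end the
// declaration the value is meant to sit in, so sanitizeValue has to return
// null and record a warning in the array passed as its second argument.
test("sanitizeValue drops values that could escape their declaration", () => {
  const breakouts = [
    "#fff}", // closes :root{} early
    "red; }body{display:none", // ends the declaration and block, then starts a new rule
    "red/* comment", // opens a comment that is never closed
    "a</style>", // would end an enclosing <style> element if the CSS is inlined in HTML
  ];
  const warnings = [];

  for (const payload of breakouts) {
    const before = warnings.length;

    // NOTE(review): assert.equal compares with ==, so a return value of
    // undefined would also satisfy this. Switch to assert.strictEqual once it
    // is confirmed that the drop signal is exactly null.
    assert.equal(
      sanitizeValue(payload, warnings),
      null,
      `expected ${JSON.stringify(payload)} to be dropped`,
    );

    // Checked per call instead of once on the total: a single drop that pushed
    // several warnings could otherwise hide another drop that pushed none.
    assert.ok(warnings.length > before, "each drop pushes a warning");
  }
});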
// Degenerate inputs: a missing value and an oversized one are both dropped.
// Both calls omit the warnings array, so these cases also exercise
// sanitizeValue without its second argument.
test("sanitizeValue drops over-length values and null", () => {
  const droppedForNull = sanitizeValue(null);
  assert.equal(droppedForNull, null);

  // NOTE(review): the actual length limit lives in ../lib/sanitize and is not
  // visible here. 5000 characters only shows that some limit at or below that
  // size is enforced; a pair of cases at limit and limit + 1 would pin it.
  const oversized = "x".repeat(5000);
  const droppedForLength = sanitizeValue(oversized);
  assert.equal(droppedForLength, null);
});
// Selector filter: plain class/id selectors (including a comma-separated
// list) pass through unchanged; input carrying a declaration block or a
// semicolon is rejected with null.
test("sanitizeSelector allows conservative selectors, drops breakouts", () => {
  const accepted = [".navbar", ".sidebar, #accordionSidebar"];
  accepted.forEach((selector) => {
    assert.equal(sanitizeSelector(selector), selector);
  });

  // NOTE(review): only `{`, `}` and `;` are covered for selectors. The `/*`
  // and `</style>` cases tested against sanitizeValue have no counterpart
  // here; add them if sanitizeSelector is meant to reject those too.
  const rejected = ["a{color:red}", "x;y"];
  rejected.forEach((selector) => {
    assert.equal(sanitizeSelector(selector), null);
  });
});