// validate.test.js
// Include path module
const path = require("path");
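/**
 * Browser-level tests for the VTT pre/post-processing helpers that
 * validate.js exposes on `window.validate`.
 *
 * `page` is not defined in this file; it is expected to be the global
 * provided by the Jest/Puppeteer test environment.
 */
describe("validate.js tests", () => {
  // Load DOMPurify into the page first, then the UMD build under test.
  // The 10 s budget is given to beforeAll itself: Jest's describe(name, fn)
  // takes no timeout argument, so the original `}, 10000 );` that closed
  // the describe call did not extend this hook's timeout.
  beforeAll(async () => {
    await page.goto("http://localhost:8000"); // Replace with your test URL
    const domPurifyPath = path.resolve(
      __dirname,
      "../../node_modules/dompurify/dist/purify.min.js"
    );
    const validatePath = path.resolve(
      __dirname,
      "../../build/test/validate.umd.js"
    );
    await page.addScriptTag({ path: domPurifyPath });
    await page.addScriptTag({ path: validatePath });
  }, 10000);

  /**
   * preProcessVttContent: the WebVTT voice annotation (`<v Name>`) and the
   * dotted class list (`<v.a.b>`) are expected to come back as ordinary
   * `title="…"` / `class="…"` attributes.
   *
   * NOTE(review): every annotation below is a plain name. No case pins what
   * happens when the annotation itself contains a quote or angle bracket
   * before it is copied into `title="…"`; since this step runs ahead of the
   * sanitizer, a case for that would be worth adding once the intended
   * output is confirmed against validate.js.
   */
  describe("preProcessVttContent", () => {
    const testCases = [
      {
        input: "<v My Name>Some text</v>",
        expectedOutput: '<v title="My Name">Some text</v>',
      },
      {
        input: "<v Name>More text</v>",
        expectedOutput: '<v title="Name">More text</v>',
      },
      {
        // Already in attribute form: must pass through unchanged.
        input: '<v title="Name">More text</v>',
        expectedOutput: '<v title="Name">More text</v>',
      },
      {
        input: "<v.blue.green Name>More text</v>",
        expectedOutput: '<v title="Name" class="blue green">More text</v>',
      },
    ];

    for (const { input, expectedOutput } of testCases) {
      test(`should transform ${input} correctly`, async () => {
        // The callback runs inside the browser page, so the input has to be
        // passed as an explicit argument rather than captured by closure.
        const result = await page.evaluate(
          (raw) => window.validate.preProcessVttContent(raw),
          input
        );
        expect(result).toBe(expectedOutput);
      });
    }
  });

  /**
   * postProcessVttContent: attribute-form markup is expected to be turned
   * back into WebVTT shorthand (`class="a b"` -> `.a.b`, `lang="en"` -> ` en`).
   */
  describe("postProcessVttContent", () => {
    const testCases = [
      {
        description: "should postprocess <c> tags correctly",
        input: '<c class="first second">Some text</c>',
        expectedOutput: "<c.first.second>Some text</c>",
      },
      {
        description: "should postprocess <v> tags correctly",
        input: '<v class="first second">Some text</v>',
        expectedOutput: "<v.first.second>Some text</v>",
      },
      {
        description: "should postprocess <v> tags correctly, multiple attributes",
        input: '<v class="first second" title="Hello">Some text</v>',
        expectedOutput: '<v.first.second title="Hello">Some text</v>',
      },
      {
        description: "should postprocess <v> tags correctly, different attribute order",
        input: '<v title="Hello" class="first second">Some text</v>',
        expectedOutput: '<v.first.second title="Hello">Some text</v>',
      },
      {
        description: "should postprocess <lang> tags correctly",
        input: '<lang lang="en">Some text</lang>',
        expectedOutput: "<lang en>Some text</lang>",
      },
    ];

    for (const { description, input, expectedOutput } of testCases) {
      test(description, async () => {
        // NOTE(review): the same string is passed for both parameters;
        // confirm the meaning of the second one against validate.js.
        const result = await page.evaluate(
          (raw) => window.validate.postProcessVttContent(raw, raw),
          input
        );
        expect(result).toBe(expectedOutput);
      });
    }
  });
});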
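/**
 * sanitizeVttContent: end-to-end sanitizer behaviour as seen from the page.
 * Disallowed elements and attributes must be dropped, allowed WebVTT markup
 * must survive, and over-long input must be rejected.
 *
 * NOTE(review): this suite is declared at top level, outside the
 * "validate.js tests" block whose beforeAll injects DOMPurify and the build
 * into the page. It therefore relies on that block having run first; if this
 * suite is selected on its own (for example with a name filter),
 * `window.validate` is presumably undefined.
 */
describe("sanitizeVttContent", () => {
  // Each description is unique so that a failure identifies a single case.
  const testCases = [
    {
      description: "should remove disallowed tags",
      input: '<script>alert("XSS")</script><v>Alicia Wood</v>',
      expectedOutput: "<v>Alicia Wood</v>",
    },
    {
      description: "should keep allowed attributes",
      input: '<v.blue.green title="Name">More text</v>',
      expectedOutput: '<v.blue.green title="Name">More text</v>',
    },
    {
      description: "should remove disallowed attributes",
      input: "<v.blue.green onclick=\"alert('XSS')\">More text</v>",
      expectedOutput: "<v.blue.green>More text</v>",
    },
    {
      description: "should remove a disallowed <img> element together with its attributes",
      input:
        '<v.blue.green>More text</v><img src="x" onerror="alert(\'XSS\');">',
      expectedOutput: "<v.blue.green>More text</v>",
    },
    {
      description:
        "should remove disallowed attributes and a disallowed <a> element while keeping its text",
      input:
        "<v.blue.green onclick=\"alert('XSS')\">More text</v><a href=\"javascript:alert('XSS')\">Click me</a>",
      expectedOutput: "<v.blue.green>More text</v>Click me",
    },
    {
      description: "should handle empty input",
      input: "",
      expectedOutput: "",
    },
    {
      description: "should handle null input",
      input: null,
      expectedOutput: "",
    },
    {
      description: "should handle special characters",
      input: '<v class="test">Hello & welcome</v>',
      expectedOutput: "<v.test>Hello & welcome</v>",
    },
    {
      description: "should handle nested tags correctly",
      input: "<v><b>Bold</b> and <i>italic</i></v>",
      expectedOutput: "<v><b>Bold</b> and <i>italic</i></v>",
    },
  ];

  for (const { description, input, expectedOutput } of testCases) {
    test(description, async () => {
      // The callback is evaluated in the browser page; pass the input in
      // explicitly because closures do not cross that boundary.
      const result = await page.evaluate(
        (raw) => window.validate.sanitizeVttContent(raw),
        input
      );
      expect(result).toBe(expectedOutput);
    });
  }

  // Since 4.8.0, input to sanitizeVttContent over 1000 characters is rejected.
  // NOTE(review): the input built here is a little over 2,200 characters, so
  // the test pins rejection but not the exact boundary at the limit.
  test("should reject large input", async () => {
    const received = await page.evaluate(() => {
      const largeInput =
        "<v>text</v>".repeat(100) +
        '<script>alert("XSS")</script>' +
        "<v>text</v>".repeat(100);
      // An Error thrown in the page would not arrive as a structured value,
      // so the outcome is reported back as a plain object instead.
      try {
        window.validate.sanitizeVttContent(largeInput);
        return { success: true };
      } catch (error) {
        return { error: error.message };
      }
    });
    // Comparing the whole object makes an unexpected `{ success: true }`
    // visible in the failure diff instead of a bare `undefined`.
    expect(received).toEqual({ error: "Input too long" });
  });

  // The input is a base-36 rendering of Math.random(), i.e. digits and
  // lowercase letters only: it checks that markup-free text passes through
  // untouched, and it differs on every run.
  test("should handle random input", async () => {
    const randomInput = Math.random().toString(36).substring(2);
    const result = await page.evaluate(
      (raw) => window.validate.sanitizeVttContent(raw),
      randomInput
    );
    expect(result).toBe(randomInput);
  });
});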
/**
 * isProtocolSafe: URL scheme check exposed on `window.validate`.
 * http, https, protocol-relative and path-relative URLs are expected to be
 * accepted; `javascript:` and `data:` URLs are expected to be refused.
 *
 * NOTE(review): like the sanitizeVttContent suite, this block is declared at
 * top level and depends on the scripts injected by the beforeAll of
 * "validate.js tests".
 * NOTE(review): the refused schemes are only exercised in lowercase and
 * without leading whitespace; cases pinning case-insensitive and
 * whitespace-tolerant matching would strengthen the suite. A
 * protocol-relative URL is accepted for any host, so confirm that callers
 * are content with that.
 */
describe("isProtocolSafe", () => {
  const cases = [
    {
      description: "returns true for valid HTTP URL",
      url: "http://example.com",
      expected: true,
    },
    {
      description: "returns true for valid HTTPS URL",
      url: "https://example.com",
      expected: true,
    },
    {
      description: "returns true for omitted protocol URL",
      url: "//example.com",
      expected: true,
    },
    {
      description: "returns true for relative URL",
      url: "/path/to/resource",
      expected: true,
    },
    {
      description: "returns false for javascript protocol",
      url: "javascript:alert(1)",
      expected: false,
    },
    {
      description: "returns false for data protocol",
      url: "data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
      expected: false,
    },
  ];

  // One Jest test per table row.
  for (const { description, url, expected } of cases) {
    test(description, async () => {
      // `url` is handed to the browser context as an argument of evaluate().
      const verdict = await page.evaluate(
        (candidate) => window.validate.isProtocolSafe(candidate),
        url
      );
      expect(verdict).toBe(expected);
    });
  }
});