
Commit 2cfbc99

committed
test: add tests for html escaping in jsontohtml function
1 parent f440877 commit 2cfbc99


2 files changed

+137
-0
lines changed


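--- a/__test__/json-to-html.test.ts
+++ b/__test__/json-to-html.test.ts
@@ -141,6 +141,129 @@ describe('Node parser paragraph content', () => {
 expect(entry.rich_text_editor).toEqual(escapeHtml)
 done()
 })
+
+it('Should escape HTML tags in text content to prevent rendering as HTML', done => {
+const entry = {
+uid: 'test_uid',
+rich_text_editor: {
+uid: "uid",
+_version: 1,
+attrs: {},
+children: [
+{
+children: [
+{
+text: '<b>Hello <i>world</i></b>! This is paragraph 1.'
+}
+],
+type: 'p',
+uid: 'hjsbhys1234',
+attrs: {}
+}
+],
+type: "doc"
+}
+}
+
+jsonToHTML({entry, paths: ['rich_text_editor']})
+
+expect(entry.rich_text_editor).toEqual('<p>&lt;b&gt;Hello &lt;i&gt;world&lt;/i&gt;&lt;/b&gt;! This is paragraph 1.</p>')
+done()
+})
+
+it('Should escape HTML tags in text with actual bold formatting', done => {
+const entry = {
+uid: 'test_uid',
+rich_text_editor: {
+uid: "uid",
+_version: 1,
+attrs: {},
+children: [
+{
+children: [
+{
+text: 'This is ',
+},
+{
+text: '<b>bold text</b>',
+bold: true
+},
+{
+text: ' with HTML tags'
+}
+],
+type: 'p',
+uid: 'test_uid_1',
+attrs: {}
+}
+],
+type: "doc"
+}
+}
+
+jsonToHTML({entry, paths: ['rich_text_editor']})
+
+expect(entry.rich_text_editor).toEqual('<p>This is <strong>&lt;b&gt;bold text&lt;/b&gt;</strong> with HTML tags</p>')
+done()
+})
+
+it('Should escape dangerous script tags in text content', done => {
+const entry = {
+uid: 'test_uid',
+rich_text_editor: {
+uid: "uid",
+_version: 1,
+attrs: {},
+children: [
+{
+children: [
+{
+text: '<script>alert("XSS")</script> This should be safe'
+}
+],
+type: 'p',
+uid: 'test_uid_2',
+attrs: {}
+}
+],
+type: "doc"
+}
+}
+
+jsonToHTML({entry, paths: ['rich_text_editor']})
+
+expect(entry.rich_text_editor).toEqual('<p>&lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt; This should be safe</p>')
+done()
+})
+
+it('Should escape HTML entities like ampersand and quotes in text', done => {
+const entry = {
+uid: 'test_uid',
+rich_text_editor: {
+uid: "uid",
+_version: 1,
+attrs: {},
+children: [
+{
+children: [
+{
+text: 'Text with & ampersand and "quotes" should be escaped'
+}
+],
+type: 'p',
+uid: 'test_uid_3',
+attrs: {}
+}
+],
+type: "doc"
+}
+}
+
+jsonToHTML({entry, paths: ['rich_text_editor']})
+
+expect(entry.rich_text_editor).toEqual('<p>Text with &amp; ampersand and &quot;quotes&quot; should be escaped</p>')
+done()
+})
 })
 
 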
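Review bot: All four added cases place the markup in a `text` leaf under a `p` node and leave every `attrs` object empty, so they pin escaping for element content only, and only for `<`, `>`, `&` and `"`. Nothing here covers a single quote, or a value that ends up in an attribute position (presumably where a non-empty `attrs` is serialized; that code is not visible in this hunk), which is the context where quote handling decides whether a value stays inside its attribute. I would add one case with `text: "it's <b>'quoted'</b>"`, taking the expected string from the escaper's actual output, and one fixture whose `attrs` carries a value containing `"` and `<`. An input that is already encoded, such as `text: '&lt;b&gt;'`, is also worth pinning so the double-encoding behaviour is an explicit decision. The bodies are synchronous, so the `done` callback could be dropped (`it('…', () => { … })`), although the surrounding tests use it too; the enclosing `describe` starts outside the hunk.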

package-lock.json

Lines changed: 14 additions & 0 deletions