hotswap/delphi-database
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixing rolodex and search

Browse Source
This commit is contained in:
HotSwapp
2025-08-11 21:58:25 -05:00
parent 278eb7c5d4
commit c76b68d009
25 changed files with 1651 additions and 915 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
static/js/__tests__/alerts.test.js Normal file
View File

@@ -0,0 +1,58 @@
/** @jest-environment jsdom */
const path = require('path');
// Load sanitizer utility first so alerts can delegate to it
require(path.join(__dirname, '..', 'sanitizer.js'));
// Load the alerts module (IIFE attaches itself to window)
require(path.join(__dirname, '..', 'alerts.js'));
describe('alerts._sanitize', () => {
const sanitize = window.alerts && window.alerts._sanitize;
it('should be a function', () => {
expect(typeof sanitize).toBe('function');
});
it('removes <script> tags and event-handler attributes', () => {
const dirty = '<img src="x" onerror="alert(1)"><script>alert("x")</script><p>Hello</p>';
const clean = sanitize(dirty);
expect(clean).toContain('<img src="x">');
expect(clean).toContain('<p>Hello</p>');
expect(clean).not.toMatch(/<script/i);
expect(clean).not.toMatch(/onerror/i);
});
it('uses DOMPurify after it is lazily loaded', async () => {
// Ensure DOMPurify is not present initially
delete window.DOMPurify;
const mockPurify = {
sanitize: jest.fn((html) => `CLEAN:${html}`)
};
// Spy on the shared sanitizer loader and inject DOMPurify once called
const loaderSpy = jest
.spyOn(window.htmlSanitizer, 'ensureDOMPurifyLoaded')
.mockImplementation(() => {
window.DOMPurify = mockPurify;
return Promise.resolve(mockPurify);
});
const dirty = '<span onclick="evil()">Hi</span>';
// First call: fallback sanitizer, DOMPurify not used yet
const first = sanitize(dirty);
expect(mockPurify.sanitize).not.toHaveBeenCalled();
expect(loaderSpy).toHaveBeenCalledTimes(1);
// Wait for loader promise to resolve
await loaderSpy.mock.results[0].value;
// Second call: should use DOMPurify
const second = sanitize(dirty);
expect(mockPurify.sanitize).toHaveBeenCalledTimes(1);
expect(second).toBe(`CLEAN:${dirty}`);
loaderSpy.mockRestore();
});
});