fixing rolodex and search

static/js/__tests__/sanitizer.test.js

@@ -0,0 +1,56 @@
+/** @jest-environment jsdom */
+
+require('../sanitizer.js');
+
+describe('htmlSanitizer', () => {
+  it('escape() encodes special HTML chars', () => {
+    const { escape } = window.htmlSanitizer;
+    expect(escape('<div>')).toBe('&lt;div&gt;');
+    expect(escape('Tom & Jerry')).toBe('Tom &amp; Jerry');
+    expect(escape('"quotes" and \'apostrophes\'')).toContain('&quot;');
+  });
+
+  it('sanitize() returns safe HTML and does not double-escape plain text', () => {
+    const { sanitize, escape } = window.htmlSanitizer;
+    const dirty = '<img src=x onerror=alert(1)><p>Hello</p>';
+    const clean = sanitize(dirty);
+    expect(clean).toContain('<img');
+    expect(clean).toContain('<p>Hello</p>');
+    expect(clean).not.toMatch(/onerror/i);
+
+    const text = '<b>bold</b>';
+    const escaped = escape(text);
+    const sanitizedEscaped = sanitize(escaped);
+    expect(sanitizedEscaped).toBe(escaped);
+  });
+
+  it('setSafeHTML sets sanitized HTML on the element', () => {
+    const el = document.createElement('div');
+    const dirty = '<img src=x onerror=alert(1)><p>Hello</p>';
+    window.setSafeHTML(el, dirty);
+    expect(el.innerHTML).toContain('<img');
+    expect(el.innerHTML).toContain('<p>Hello</p>');
+    expect(el.innerHTML).not.toMatch(/onerror/i);
+  });
+
+  it('setSafeHTML uses DOMPurify when it becomes available after first call', () => {
+    // Ensure not present initially
+    delete window.DOMPurify;
+
+    const el = document.createElement('div');
+    const html = '<em>hello</em>';
+
+    // First call: fallback sanitizer (no DOMPurify)
+    window.setSafeHTML(el, html);
+
+    // Now make DOMPurify available
+    const mockPurify = { sanitize: jest.fn((h) => `CLEAN:${h}`) };
+    window.DOMPurify = mockPurify;
+
+    // Second call should use DOMPurify
+    window.setSafeHTML(el, html);
+
+    expect(mockPurify.sanitize).toHaveBeenCalledTimes(1);
+    expect(el.innerHTML).toBe(`CLEAN:${html}`);
+  });
+});