add html sanitization test

2023-04-09 21:59:39 +02:00
parent 152e8f5bc6
commit 8025ba0f82
1 changed files with 21 additions and 0 deletions
--- a/tests/app.test.js
+++ b/tests/app.test.js
@@ -223,6 +223,27 @@ describe('Events', () => {
    expect(response.body.title).toBe('test title 4')
    expect(response.body.tags[0]).toBe('test tag')
  })
+
+
+  test('should sanitize htlm in description', async () => {
+    const event = {
+      title: 'test title',
+      place_id: places[0],
+      start_datetime: dayjs().unix() + 1000,
+      tags: ['test tags'],
+      description: `<p wrong-attr="" onclick="alert('test');">inside paragraph</p><a href="https://test.com/?query=true&fbclid=facebook_id">link with fb reference</a>`
+    }
+
+
+    const response = await request(app).post('/api/event')
+      .send(event)
+      .expect(200)
+      .expect('Content-Type', /json/)
+      
+    expect(response.body.description).toBe(`<p>inside paragraph</p><a href="https://test.com/?query=true">link with fb reference</a>`)
+    
+  })
+
 })

 let event = {}