import { sanitizeHtml, sanitizeText, sanitizeUrl } from "../sanitize";
describe("Sanitization Functions", () => {
describe("sanitizeText", () => {
it("should remove HTML tags", () => {
const dirty = "Hello";
const clean = sanitizeText(dirty);
expect(clean).not.toContain("");
});
it("should handle null and undefined", () => {
expect(sanitizeText(null)).toBe("");
expect(sanitizeText(undefined)).toBe("");
});
it("should escape dangerous characters", () => {
const dirty = "";
const clean = sanitizeText(dirty);
expect(clean).not.toContain("
{
it("should block javascript: URLs", () => {
const dirty = "javascript:alert('XSS')";
const clean = sanitizeUrl(dirty);
expect(clean).toBe("");
});
it("should block data: URLs", () => {
const dirty = "data:text/html,";
const clean = sanitizeUrl(dirty);
expect(clean).toBe("");
});
it("should allow safe URLs", () => {
const safe = "https://example.com";
const clean = sanitizeUrl(safe);
expect(clean).toBeTruthy();
});
it("should handle null and undefined", () => {
expect(sanitizeUrl(null)).toBe("");
expect(sanitizeUrl(undefined)).toBe("");
});
});
describe("sanitizeHtml", () => {
it("should remove script tags", () => {
const dirty = "
Hello
"; const clean = sanitizeHtml(dirty); expect(clean).not.toContain("