import { sanitizeHtml, sanitizeText, sanitizeUrl } from "../sanitize"; describe("Sanitization Functions", () => { describe("sanitizeText", () => { it("should remove HTML tags", () => { const dirty = "Hello"; const clean = sanitizeText(dirty); expect(clean).not.toContain(""); }); it("should handle null and undefined", () => { expect(sanitizeText(null)).toBe(""); expect(sanitizeText(undefined)).toBe(""); }); it("should escape dangerous characters", () => { const dirty = ""; const clean = sanitizeText(dirty); expect(clean).not.toContain(" { it("should block javascript: URLs", () => { const dirty = "javascript:alert('XSS')"; const clean = sanitizeUrl(dirty); expect(clean).toBe(""); }); it("should block data: URLs", () => { const dirty = "data:text/html,"; const clean = sanitizeUrl(dirty); expect(clean).toBe(""); }); it("should allow safe URLs", () => { const safe = "https://example.com"; const clean = sanitizeUrl(safe); expect(clean).toBeTruthy(); }); it("should handle null and undefined", () => { expect(sanitizeUrl(null)).toBe(""); expect(sanitizeUrl(undefined)).toBe(""); }); }); describe("sanitizeHtml", () => { it("should remove script tags", () => { const dirty = "

Hello

"; const clean = sanitizeHtml(dirty); expect(clean).not.toContain("