/
replace-inner-html-test.js
44 lines (36 loc) · 1.47 KB
/
replace-inner-html-test.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
import { replaceInnerHtml } from 'utils/dom';
import sinon from 'sinon';
describe('replaceInnerHtml', function () {
const sandbox = sinon.sandbox.create();
let element;
beforeEach(() => {
element = document.createElement('div');
sandbox.spy(console, 'log');
});
afterEach(() => {
sandbox.restore();
});
it('should sanitize and append image tags', function() {
const imageHtml = '<img src=foo onerror="console.log(\'bar\')">';
replaceInnerHtml(element, imageHtml);
expect(console.log).to.have.callCount(0);
expect(element.firstChild.getAttribute('onerror')).to.equal(null);
});
it('should sanitizea and add svg tags', function() {
const svgHtml = '<svg xmlns="http://www.w3.org/2000/svg" onload="console.log(\'baz\')"/>';
replaceInnerHtml(element, svgHtml);
expect(console.log).to.have.callCount(0);
expect(element.firstChild.getAttribute('onload')).to.equal(null);
});
it('should remove script tags', function() {
const scriptHtml = '<script src="no.js" onerror="console.log(\'foobar\');"></script>';
replaceInnerHtml(element, scriptHtml);
expect(console.log).to.have.callCount(0);
expect(element.firstChild).to.equal(null);
});
it('should not append if html is an empty string', function() {
const empty = '';
replaceInnerHtml(element, empty);
expect(element.firstChild).to.equal(null);
});
});