-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[![PR App][icn]][demo] | Fix RM-9019 :-------------------:|:----------: ## 🧰 Changes HTML for everyone! ## 🧬 QA & Testing - [Broken on production][prod]. - [Working in this PR app][demo]. [demo]: https://markdown-pr-PR_NUMBER.herokuapp.com [prod]: https://SUBDOMAIN.readme.io [icn]: https://user-images.githubusercontent.com/886627/160426047-1bee9488-305a-4145-bb2b-09d8b757d38a.svg
- Loading branch information
1 parent
e4e3417
commit 1761667
Showing
19 changed files
with
258 additions
and
475 deletions.
There are no files selected for viewing
Binary file added
BIN
+72.8 KB
...al-regression-tests-rdmd-syntax-renders-html-tests-without-surprises-1-snap.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
import { render, screen, cleanup } from '@testing-library/react'; | ||
import React from 'react'; | ||
import { renderToStaticMarkup, renderToString } from 'react-dom/server'; | ||
import { vi } from 'vitest'; | ||
|
||
import HTMLBlock from '../../components/HTMLBlock'; | ||
import { compile, run } from '../../index'; | ||
|
||
describe('HTML Block', () => { | ||
beforeEach(() => { | ||
global.mockFn = vi.fn(); | ||
}); | ||
|
||
afterEach(() => { | ||
cleanup(); | ||
vi.restoreAllMocks(); | ||
}); | ||
|
||
it('runs user scripts in compat mode', () => { | ||
render(<HTMLBlock runScripts={true}>{`<script>mockFn()</script>`}</HTMLBlock>); | ||
expect(global.mockFn).toHaveBeenCalledTimes(1); | ||
}); | ||
|
||
it("doesn't run user scripts by default", () => { | ||
render(<HTMLBlock>{`<script>mockFn()</script>`}</HTMLBlock>); | ||
expect(global.mockFn).toHaveBeenCalledTimes(0); | ||
}); | ||
|
||
it("doesn't render user scripts by default", () => { | ||
render(<HTMLBlock>{`<script>mockFn()</script>`}</HTMLBlock>); | ||
expect(screen.queryByText('mockFn()')).not.toBeInTheDocument(); | ||
}); | ||
|
||
it("doesn't render user scripts with weird endings", () => { | ||
render(<HTMLBlock>{`<script>mockFn()</script foo='bar'>`}</HTMLBlock>); | ||
expect(screen.queryByText('mockFn()')).not.toBeInTheDocument(); | ||
}); | ||
|
||
it("doesn't render user scripts with a malicious string", () => { | ||
render(<HTMLBlock>{`<scrip<script></script>t>mockFn()</s<script></script>cript>`}</HTMLBlock>); | ||
expect(screen.queryByText('mockFn()')).not.toBeInTheDocument(); | ||
}); | ||
|
||
it("doesn't run scripts on the server (even in compat mode)", () => { | ||
const html = ` | ||
<h1>Hello World</h1> | ||
<script>mockFn()</script> | ||
`; | ||
const elem = <HTMLBlock runScripts={true}>{html}</HTMLBlock>; | ||
const view = renderToString(elem); | ||
expect(elem.props.runScripts).toBe(true); | ||
expect(view.indexOf('<script>')).toBeLessThan(0); | ||
expect(view.indexOf('<h1>')).toBeGreaterThanOrEqual(0); | ||
}); | ||
|
||
it('renders the html in a `<pre>` tag if safeMode={true}', async () => { | ||
const md = '<HTMLBlock safeMode={true}>{`<button onload="alert(\'gotcha!\')"/>`}</HTMLBlock>'; | ||
const code = compile(md); | ||
const Component = await run(code); | ||
expect(renderToStaticMarkup(<Component />)).toMatchInlineSnapshot( | ||
'"<pre class="html-unsafe"><code><button onload="alert('gotcha!')"/></code></pre>"', | ||
); | ||
}); | ||
}); |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.