import { expect, test } from "@odoo/hoot";
import { setupEditor } from "./_helpers/editor";
/**
 * Regression test for the editor's HTML sanitizer: markup that carries script
 * execution vectors must come out with those vectors stripped, while harmless
 * structure around them is preserved.
 */
test("sanitize should remove nasty elements", async () => {
    const { editor } = await setupEditor("");
    // Call through the plugin object so `sanitize` keeps its original receiver.
    const clean = (html) => editor.shared.sanitize.sanitize(html);

    // Each pair is [untrusted markup, markup expected after sanitizing].
    const cases = [
        // Inline event handler on an otherwise harmless element: the handler
        // is removed, the `src` attribute is kept and re-serialized quoted.
        ["<img src=x onerror=alert(1)//>", '<img src="x">'],
        // Handler attached with "/" as attribute separator inside SVG, followed
        // by unterminated markup: only the bare, properly closed elements remain.
        ["<svg><g/onload=alert(2)//<p>", "<svg><g></g></svg>"],
        // `javascript:` URL disguised with mixed case and an embedded tab
        // character: the iframe is dropped entirely. The trailing "def" is not
        // kept either (presumably consumed as iframe content by the parser;
        // confirm if that text loss matters to callers).
        ["<p>abc<iframe//src=jAva	script:alert(3)>def</p>", "<p>abc</p>"],
    ];

    for (const [dirty, expected] of cases) {
        expect(clean(dirty)).toBe(expected);
    }
});