feat: implement stage 2 of Milkdown integration (secure upload & xss guard)
@@ -0,0 +1,54 @@
|
||||
using FluentAssertions;
|
||||
using NexusReader.Infrastructure.Services;
|
||||
using Xunit;
|
||||
|
||||
namespace NexusReader.Application.Tests.Services;
|
||||
|
||||
public class HtmlSanitizerServiceTests
|
||||
{
|
||||
[Fact]
|
||||
public void Sanitize_WithSafeInput_ReturnsSameInput()
|
||||
{
|
||||
// Arrange
|
||||
var service = new HtmlSanitizerService();
|
||||
var input = "<p>This is a safe <strong>paragraph</strong>.</p>";
|
||||
|
||||
// Act
|
||||
var result = service.Sanitize(input);
|
||||
|
||||
// Assert
|
||||
result.Should().Be(input);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void Sanitize_WithScriptTag_StripsScriptTag()
|
||||
{
|
||||
// Arrange
|
||||
var service = new HtmlSanitizerService();
|
||||
var input = "<p>Hello</p><script>alert('xss')</script>";
|
||||
|
||||
// Act
|
||||
var result = service.Sanitize(input);
|
||||
|
||||
// Assert
|
||||
result.Should().NotContain("<script>");
|
||||
result.Should().NotContain("alert");
|
||||
result.Should().Be("<p>Hello</p>");
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void Sanitize_WithOnEventHandlerAttribute_StripsOnError()
|
||||
{
|
||||
// Arrange
|
||||
var service = new HtmlSanitizerService();
|
||||
var input = "<img src=\"x\" onerror=\"alert(1)\" />";
|
||||
|
||||
// Act
|
||||
var result = service.Sanitize(input);
|
||||
|
||||
// Assert
|
||||
result.Should().NotContain("onerror");
|
||||
result.Should().NotContain("alert");
|
||||
result.Should().Contain("<img src=\"x\">");
|
||||
}
|
||||
}
|
||||
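Review bot: The three tests pin only a `<script>` element and an `onerror` attribute, so a regression in URL-scheme filtering or in null/empty handling would pass this suite unnoticed. Since the commit presents `HtmlSanitizerService` as the XSS guard for editor content, I would add at least one `[Fact]` for a scripted URL, e.g. `var result = service.Sanitize("<a href=\"javascript:alert(1)\">x</a>");` followed by `result.Should().NotContain("javascript:");`, and one for `Sanitize("")`. In `Sanitize_WithOnEventHandlerAttribute_StripsOnError` the final check uses `Contain`, which still passes if other markup survives next to the image; `result.Should().Be("<img src=\"x\">");` would pin the whole output the way the script-tag test already does. The sanitizer's implementation and allow-list are not visible on this page, so the expected strings should be confirmed against its actual serializer output.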