c94e8f0acb
This pull request completely overhauls the Creator editor flow, resolves the editor duplication race condition, aligns layout/styling themes in light and dark mode, and adds Docker staging setups. ### Key Changes 1. **Creator Flow Polish**: Redesigned the editor canvas to prevent double scrolling by delegating overflow to the editor canvas layer, updated styles to a premium aesthetic. 2. **Race Condition Prevention**: Resolved Crepe editor duplication when loading or switching chapters by tracking state via shared window maps (`window.editorCache`, `window.editorStates`) and checking `_lastInitializedEditorId` synchronously in Blazor. 3. **Theme Synchronization**: Integrated explicit theme initialization (`ThemeService.InitializeAsync()`) and anchored CSS isolation selectors to correctly sync with Light (Soft Sepia) and Deep Dark theme preferences. 4. **Staging Automation**: Created staging docker configurations with `--nexus-only` flag to allow iterative development without resetting PG/Neo4j database containers. --------- Co-authored-by: Marek Jasiński <jasins.marek@gmail.com> Reviewed-on: #83 Co-authored-by: Antigravity <antigravity@google.com> Co-committed-by: Antigravity <antigravity@google.com>
71 lines
1.9 KiB
C#
71 lines
1.9 KiB
C#
using FluentAssertions;
|
|
using NexusReader.Infrastructure.Services;
|
|
using Xunit;
|
|
|
|
namespace NexusReader.Application.Tests.Services;
|
|
|
|
public class HtmlSanitizerServiceTests
|
|
{
|
|
[Fact]
|
|
public void Sanitize_WithSafeInput_ReturnsSameInput()
|
|
{
|
|
// Arrange
|
|
var service = new HtmlSanitizerService();
|
|
var input = "<p>This is a safe <strong>paragraph</strong>.</p>";
|
|
|
|
// Act
|
|
var result = service.Sanitize(input);
|
|
|
|
// Assert
|
|
result.Should().Be(input);
|
|
}
|
|
|
|
[Fact]
|
|
public void Sanitize_WithScriptTag_StripsScriptTag()
|
|
{
|
|
// Arrange
|
|
var service = new HtmlSanitizerService();
|
|
var input = "<p>Hello</p><script>alert('xss')</script>";
|
|
|
|
// Act
|
|
var result = service.Sanitize(input);
|
|
|
|
// Assert
|
|
result.Should().NotContain("<script>");
|
|
result.Should().NotContain("alert");
|
|
result.Should().Be("<p>Hello</p>");
|
|
}
|
|
|
|
[Fact]
|
|
public void Sanitize_WithOnEventHandlerAttribute_StripsOnError()
|
|
{
|
|
// Arrange
|
|
var service = new HtmlSanitizerService();
|
|
var input = "<img src=\"x\" onerror=\"alert(1)\" />";
|
|
|
|
// Act
|
|
var result = service.Sanitize(input);
|
|
|
|
// Assert
|
|
result.Should().NotContain("onerror");
|
|
result.Should().NotContain("alert");
|
|
result.Should().Contain("<img src=\"x\">");
|
|
}
|
|
|
|
[Fact]
|
|
public void Sanitize_WithMarkdownCodeBlockContainingAngleBrackets_DoesNotStripAngleBrackets()
|
|
{
|
|
// Arrange
|
|
var service = new HtmlSanitizerService();
|
|
var input = "Here is some code:\n\n```csharp\nif (x < y && y > z) { Console.WriteLine(\"test\"); }\n```";
|
|
|
|
// Act
|
|
var result = service.Sanitize(input);
|
|
|
|
// Assert
|
|
result.Should().Contain("<");
|
|
result.Should().Contain(">");
|
|
result.Should().NotContain("<script>");
|
|
}
|
|
}
|