Files
Nexus.Reader/tests/NexusReader.Application.Tests/Services/HtmlSanitizerServiceTests.cs
T
Antigravity c94e8f0acb feat(creator): overhaul Creator flow, editor duplication, and staging setup (#83)
This pull request completely overhauls the Creator editor flow, resolves the editor duplication race condition, aligns layout/styling themes in light and dark mode, and adds Docker staging setups.

### Key Changes
1. **Creator Flow Polish**: Redesigned the editor canvas to prevent double scrolling by delegating overflow to the editor canvas layer, updated styles to a premium aesthetic.
2. **Race Condition Prevention**: Resolved Crepe editor duplication when loading or switching chapters by tracking state via shared window maps (`window.editorCache`, `window.editorStates`) and checking `_lastInitializedEditorId` synchronously in Blazor.
3. **Theme Synchronization**: Integrated explicit theme initialization (`ThemeService.InitializeAsync()`) and anchored CSS isolation selectors to correctly sync with Light (Soft Sepia) and Deep Dark theme preferences.
4. **Staging Automation**: Created staging docker configurations with `--nexus-only` flag to allow iterative development without resetting PG/Neo4j database containers.

---------

Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Reviewed-on: #83
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
2026-06-15 17:15:42 +00:00

71 lines
1.9 KiB
C#

using FluentAssertions;
using NexusReader.Infrastructure.Services;
using Xunit;
namespace NexusReader.Application.Tests.Services;
public class HtmlSanitizerServiceTests
{
[Fact]
public void Sanitize_WithSafeInput_ReturnsSameInput()
{
// Arrange
var service = new HtmlSanitizerService();
var input = "<p>This is a safe <strong>paragraph</strong>.</p>";
// Act
var result = service.Sanitize(input);
// Assert
result.Should().Be(input);
}
[Fact]
public void Sanitize_WithScriptTag_StripsScriptTag()
{
// Arrange
var service = new HtmlSanitizerService();
var input = "<p>Hello</p><script>alert('xss')</script>";
// Act
var result = service.Sanitize(input);
// Assert
result.Should().NotContain("<script>");
result.Should().NotContain("alert");
result.Should().Be("<p>Hello</p>");
}
[Fact]
public void Sanitize_WithOnEventHandlerAttribute_StripsOnError()
{
// Arrange
var service = new HtmlSanitizerService();
var input = "<img src=\"x\" onerror=\"alert(1)\" />";
// Act
var result = service.Sanitize(input);
// Assert
result.Should().NotContain("onerror");
result.Should().NotContain("alert");
result.Should().Contain("<img src=\"x\">");
}
[Fact]
public void Sanitize_WithMarkdownCodeBlockContainingAngleBrackets_DoesNotStripAngleBrackets()
{
// Arrange
var service = new HtmlSanitizerService();
var input = "Here is some code:\n\n```csharp\nif (x < y && y > z) { Console.WriteLine(\"test\"); }\n```";
// Act
var result = service.Sanitize(input);
// Assert
result.Should().Contain("&lt;");
result.Should().Contain("&gt;");
result.Should().NotContain("<script>");
}
}