import { DefaultAllowlist, sanitizeHtml } from '../../../src/util/sanitizer' describe('Sanitizer', () => { describe('sanitizeHtml', () => { it('should return the same on empty string', () => { const empty = '' const result = sanitizeHtml(empty, DefaultAllowlist, null) expect(result).toEqual(empty) }) it('should sanitize template by removing tags with XSS', () => { const template = [ '
', ' Click me', ' Some content', '
' ].join('') const result = sanitizeHtml(template, DefaultAllowlist, null) expect(result.indexOf('script') === -1).toEqual(true) }) it('should allow aria attributes and safe attributes', () => { const template = [ '
', ' Some content', '
' ].join('') const result = sanitizeHtml(template, DefaultAllowlist, null) expect(result.indexOf('aria-pressed') !== -1).toEqual(true) expect(result.indexOf('class="test"') !== -1).toEqual(true) }) it('should remove tags not in allowlist', () => { const template = [ '
', ' ', '
' ].join('') const result = sanitizeHtml(template, DefaultAllowlist, null) expect(result.indexOf('