// Copyright 2020 The LUCI Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

import { fixture, html } from '@open-wc/testing-helpers';
import { unsafeHTML } from 'lit/directives/unsafe-html.js';

import { initDefaultTrustedTypesPolicy, sanitizeHTML } from './sanitize_html';

// Runs once at module load, before any fixture is rendered.
// NOTE(review): presumably this registers the Trusted Types policy that lets
// the sanitized markup be handed to the DOM; confirm against ./sanitize_html.
initDefaultTrustedTypesPolicy();

/**
 * Fixture markup fed through `sanitizeHTML`. The five anchors are addressed by
 * position in the tests below, so their order here is significant:
 *
 *   0: target="_blank", no rel
 *   1: no target, no rel
 *   2: target="_self", no rel
 *   3: target="_blank", rel="nofollow"
 *   4: target="_blank", rel="noopener nofollow"
 *
 * The <form> and <area> elements carry target="_blank" as well.
 *
 * NOTE(review): `_self` is the only non-`_blank` target exercised. A named
 * target (constructed example: target="report") also opens a new browsing
 * context, so it is worth pinning what the sanitizer does with one.
 */
const DIRTY_HTML = `
  <div>
    <a href="https://www.google.com" target="_blank"></a>
    <a href="https://www.google.com"></a>
    <a href="https://www.google.com" target="_self"></a>
    <a href="https://www.google.com" target="_blank" rel="nofollow"></a>
    <a href="https://www.google.com" target="_blank" rel="noopener nofollow"></a>
    <form target="_blank"></form>
    <area target="_blank"></area>
  </div>
`;

/** Reads the raw `rel` attribute of an element; `null` means it is absent. */
function relOf(el: Element): string | null {
  return el.getAttribute('rel');
}

// These tests pin the `rel` value the sanitizer leaves on link-like elements.
// rel="noopener" matters because it stops a page opened in a new browsing
// context from getting a `window.opener` handle back to the page that linked
// to it.
describe('sanitize_html', () => {
  let container: Element;
  let links: NodeListOf<HTMLAnchorElement>;

  // Sanitize and render the fixture a single time; every test only reads it.
  beforeAll(async () => {
    const sanitized = sanitizeHTML(DIRTY_HTML);
    container = await fixture(html`${unsafeHTML(sanitized)}`);
    links = container.querySelectorAll('a');
  });

  test('should set rel="noopener" when target attribute is set to _blank', () => {
    expect(relOf(links.item(0))).toStrictEqual('noopener');
  });

  // NOTE(review): a missing target is expected to behave like _blank here,
  // presumably because the sanitizer makes links open in a new tab by default;
  // confirm in ./sanitize_html.
  test('should set rel="noopener" when target attribute is not set', () => {
    expect(relOf(links.item(1))).toStrictEqual('noopener');
  });

  test('should not set rel="noopener" when target attribute is set but not _blank', () => {
    expect(relOf(links.item(2))).toBeNull();
  });

  // Existing rel tokens are kept and noopener is added after them.
  test('should append to the existing rel attribute', () => {
    expect(relOf(links.item(3))).toStrictEqual('nofollow noopener');
  });

  // No duplicate token and no reordering when noopener is already there.
  test('should not set rel="noopener" when it is already present', () => {
    expect(relOf(links.item(4))).toStrictEqual('noopener nofollow');
  });

  test('should set rel="noopener" on <form> and <area> as well', () => {
    // Checked in the same order as before: <form> first, then <area>.
    for (const tagName of ['form', 'area']) {
      const element = container.querySelector(tagName)!;
      expect(relOf(element)).toStrictEqual('noopener');
    }
  });
});