/
escapeScriptForBrowser-test.js
107 lines (98 loc) · 3.35 KB
/
escapeScriptForBrowser-test.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
/**
* Copyright (c) Facebook, Inc. and its affiliates.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*
* @emails react-core
*/
'use strict';
let React;
let ReactDOMFizzServer;
let Stream;
function getTestWritable() {
const writable = new Stream.PassThrough();
writable.setEncoding('utf8');
const output = {result: '', error: undefined};
writable.on('data', chunk => {
output.result += chunk;
});
writable.on('error', error => {
output.error = error;
});
const completed = new Promise(resolve => {
writable.on('finish', () => {
resolve();
});
writable.on('error', () => {
resolve();
});
});
return {writable, completed, output};
}
describe('escapeScriptForBrowser', () => {
beforeEach(() => {
jest.resetModules();
React = require('react');
ReactDOMFizzServer = require('react-dom/server');
Stream = require('stream');
});
it('"<[Ss]cript" strings are replaced with unicode escaped lowercase s or S depending on case', () => {
const {writable, output} = getTestWritable();
const {pipe} = ReactDOMFizzServer.renderToPipeableStream(<div />, {
bootstrapScriptContent:
'"prescription pre<scription preScription pre<Scription"',
});
pipe(writable);
jest.runAllTimers();
expect(output.result).toMatch(
'<div></div><script>"prescription pre<\\u0073cription preScription pre<\\u0053cription"</script>',
);
});
it('"</[Ss]cript" strings are replaced with encoded lowercase s or S depending on case', () => {
const {writable, output} = getTestWritable();
const {pipe} = ReactDOMFizzServer.renderToPipeableStream(<div />, {
bootstrapScriptContent:
'"prescription pre</scription preScription pre</Scription"',
});
pipe(writable);
jest.runAllTimers();
expect(output.result).toMatch(
'<div></div><script>"prescription pre</\\u0073cription preScription pre</\\u0053cription"</script>',
);
});
it('"[Ss]cript", "/[Ss]cript", "<[Ss]crip", "</[Ss]crip" strings are not escaped', () => {
const {writable, output} = getTestWritable();
const {pipe} = ReactDOMFizzServer.renderToPipeableStream(<div />, {
bootstrapScriptContent:
'"Script script /Script /script <Scrip <scrip </Scrip </scrip"',
});
pipe(writable);
jest.runAllTimers();
expect(output.result).toMatch(
'<div></div><script>"Script script /Script /script <Scrip <scrip </Scrip </scrip"</script>',
);
});
it('matches case insensitively', () => {
const {writable, output} = getTestWritable();
const {pipe} = ReactDOMFizzServer.renderToPipeableStream(<div />, {
bootstrapScriptContent: '"<sCrIpT <ScripT </scrIPT </SCRIpT"',
});
pipe(writable);
jest.runAllTimers();
expect(output.result).toMatch(
'<div></div><script>"<\\u0073CrIpT <\\u0053cripT </\\u0073crIPT </\\u0053CRIpT"</script>',
);
});
it('does not escape <, >, &, \\u2028, or \\u2029 characters', () => {
const {writable, output} = getTestWritable();
const {pipe} = ReactDOMFizzServer.renderToPipeableStream(<div />, {
bootstrapScriptContent: '"<, >, &, \u2028, or \u2029"',
});
pipe(writable);
jest.runAllTimers();
expect(output.result).toMatch(
'<div></div><script>"<, >, &, \u2028, or \u2029"</script>',
);
});
});