select2/tests/utils/escapeMarkup-tests.js

module('Utils - escapeMarkup');

var Utils = require('select2/utils');

test('text passes through', function (assert) {
  var text = 'testing this';
  var escaped = Utils.escapeMarkup(text);

  assert.equal(text, escaped);
});

test('html tags are escaped', function (assert) {
  var text = '<script>alert("bad");</script>';
  var escaped = Utils.escapeMarkup(text);

  assert.notEqual(text, escaped);
  assert.equal(escaped.indexOf('<script>'), -1);
});

test('quotes are killed as well', function (assert) {
  var text = 'testin\' these "quotes"';
  var escaped = Utils.escapeMarkup(text);

  assert.notEqual(text, escaped);
  assert.equal(escaped.indexOf('\''), -1);
  assert.equal(escaped.indexOf('"'), -1);
});
Added back `escapeMarkup` This is needed to escape any bad markup that is passed through user-entered data. Users can prevent their markup from being escaped by using a no-op `escapeMarkup` function. This closes https://github.com/select2/select2/issues/2990. 2015-01-29 16:41:18 +03:00			`module('Utils - escapeMarkup');`

			`var Utils = require('select2/utils');`

			`test('text passes through', function (assert) {`
			`var text = 'testing this';`
			`var escaped = Utils.escapeMarkup(text);`

			`assert.equal(text, escaped);`
			`});`

			`test('html tags are escaped', function (assert) {`
			`var text = '<script>alert("bad");</script>';`
			`var escaped = Utils.escapeMarkup(text);`

			`assert.notEqual(text, escaped);`
			`assert.equal(escaped.indexOf('<script>'), -1);`
			`});`

			`test('quotes are killed as well', function (assert) {`
			`var text = 'testin\' these "quotes"';`
			`var escaped = Utils.escapeMarkup(text);`

			`assert.notEqual(text, escaped);`
			`assert.equal(escaped.indexOf('\''), -1);`
			`assert.equal(escaped.indexOf('"'), -1);`
			`});`