1
0
mirror of synced 2024-11-26 06:46:04 +03:00
select2/tests/utils/escapeMarkup-tests.js
Kevin Brown 5a0f7f5518 Added back escapeMarkup
This is needed to escape any bad markup that is passed through
user-entered data. Users can prevent their markup from being
escaped by using a no-op `escapeMarkup` function.

This closes https://github.com/select2/select2/issues/2990.
2015-01-29 09:15:02 -05:00

28 lines
716 B
JavaScript

module('Utils - escapeMarkup');
var Utils = require('select2/utils');
test('text passes through', function (assert) {
var text = 'testing this';
var escaped = Utils.escapeMarkup(text);
assert.equal(text, escaped);
});
test('html tags are escaped', function (assert) {
var text = '<script>alert("bad");</script>';
var escaped = Utils.escapeMarkup(text);
assert.notEqual(text, escaped);
assert.equal(escaped.indexOf('<script>'), -1);
});
test('quotes are killed as well', function (assert) {
var text = 'testin\' these "quotes"';
var escaped = Utils.escapeMarkup(text);
assert.notEqual(text, escaped);
assert.equal(escaped.indexOf('\''), -1);
assert.equal(escaped.indexOf('"'), -1);
});