5a0f7f5518
This is needed to escape any bad markup that is passed through user-entered data. Users can prevent their markup from being escaped by using a no-op `escapeMarkup` function. This closes https://github.com/select2/select2/issues/2990.
// Test module for Utils.escapeMarkup, the helper used to neutralise markup in
// user-entered data before it is rendered (uses QUnit-style module/test globals).
module('Utils - escapeMarkup');
var Utils = require('select2/utils');
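// Text without any markup characters must come back unchanged, so ordinary
// option labels are not altered by the escaping step.
test('text passes through', function (assert) {
  var text = 'testing this';
  var escaped = Utils.escapeMarkup(text);

  // equal(actual, expected): the escaped output is the value under test, so it
  // goes first; otherwise a failure report labels the two values the wrong way.
  assert.equal(escaped, text, 'plain text is returned unchanged');
});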
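// Markup supplied as data must not survive as live HTML: after escaping, the
// result may not contain anything a browser would parse as a tag.
test('html tags are escaped', function (assert) {
  var text = '<script>alert("bad");</script>';
  var escaped = Utils.escapeMarkup(text);

  assert.notEqual(escaped, text, 'markup is modified by escaping');
  assert.equal(escaped.indexOf('<script>'), -1, 'opening tag is neutralised');

  // Checking only for the literal "<script>" would pass if the closing tag or
  // any other element were left intact, so require that no raw angle bracket
  // remains anywhere in the output.
  assert.equal(escaped.indexOf('<'), -1, 'no raw "<" remains');
  assert.equal(escaped.indexOf('>'), -1, 'no raw ">" remains');
});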
// Quote characters are covered as well as tags: a raw quote in escaped text
// could terminate an HTML attribute value if the text is ever placed in one.
test('quotes are killed as well', function (assert) {
  var input = 'testin\' these "quotes"';
  var output = Utils.escapeMarkup(input);

  // The input holds both quote styles, so the output has to differ from it.
  assert.notEqual(input, output);

  // Neither quote character may appear literally in the escaped string.
  var singleQuoteAt = output.indexOf('\'');
  assert.equal(singleQuoteAt, -1);

  var doubleQuoteAt = output.indexOf('"');
  assert.equal(doubleQuoteAt, -1);
});