1
0
mirror of synced 2024-11-25 06:16:08 +03:00
select2/tests/utils/escapeMarkup-tests.js
Kevin Brown 0f7a37b2d6 Pass through non-strings in escapeMarkup
It is assumed that DOM elements or related objects will have been
escaped before they are passed back from templating functions. As
strings are typically blinding concatenated, like in our defaults,
it makes sense to escape the markup within them.

This is related to https://github.com/select2/select2/issues/3005.
2015-02-06 19:45:10 -05:00

37 lines
954 B
JavaScript

module('Utils - escapeMarkup');
var Utils = require('select2/utils');
test('text passes through', function (assert) {
var text = 'testing this';
var escaped = Utils.escapeMarkup(text);
assert.equal(text, escaped);
});
test('html tags are escaped', function (assert) {
var text = '<script>alert("bad");</script>';
var escaped = Utils.escapeMarkup(text);
assert.notEqual(text, escaped);
assert.equal(escaped.indexOf('<script>'), -1);
});
test('quotes are killed as well', function (assert) {
var text = 'testin\' these "quotes"';
var escaped = Utils.escapeMarkup(text);
assert.notEqual(text, escaped);
assert.equal(escaped.indexOf('\''), -1);
assert.equal(escaped.indexOf('"'), -1);
});
test('DocumentFragment options pass through', function (assert) {
var frag = document.createDocumentFragment();
frag.innerHTML = '<strong>test</strong>';
var escaped = Utils.escapeMarkup(frag);
assert.equal(frag, escaped);
});