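/**
 * Returns a value that is safe to use as an anchor `href`, or `null`.
 *
 * Accepted: relative references (path, query, fragment) and absolute URLs
 * whose scheme is http, https, mailto or tel. Everything else is rejected,
 * including `javascript:`, `data:`, `vbscript:` and network-path references
 * such as `//host` or `\\host`.
 *
 * Scope: this is a scheme allowlist only. It does not restrict which host an
 * http(s) URL points to, and the result is a URL, not markup: assign it via
 * the DOM (`a.href = ...` / `setAttribute`) or attribute-escape it when
 * templating, otherwise HTML entity decoding can change what the browser sees.
 *
 * @param {unknown} input - Untrusted candidate URL.
 * @returns {string | null} `URL#href` for accepted absolute URLs, the cleaned
 *   string for accepted relative references, `null` when rejected.
 */
export default function sanitizeHrefUrl(input) {
  if (typeof input !== 'string') {
    return null;
  }

  // Validate the same string that is returned. C0 controls and DEL are removed
  // first because URL parsers drop tab/CR/LF anywhere in the input, so a check
  // on the raw string could disagree with what the browser finally resolves.
  const cleaned = input.replace(/[\u0000-\u001F\u007F]/g, '').trim();
  if (cleaned === '') {
    return null;
  }

  // RFC 3986 scheme syntax: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
  const hasScheme = /^[a-z][a-z0-9+.-]*:/i.test(cleaned);

  if (!hasScheme) {
    // Two leading slashes or backslashes (in any mix) resolve to another host:
    // browsers treat "\" like "/" for http(s) bases.
    if (/^[/\\]{2}/.test(cleaned)) {
      return null;
    }
    return cleaned;
  }

  let parsed;
  try {
    parsed = new URL(cleaned);
  } catch {
    return null;
  }

  // Decide on the parser's view of the scheme (already lower-cased), not on
  // the raw text, and return the parser's serialization.
  const allowedProtocols = new Set(['http:', 'https:', 'mailto:', 'tel:']);
  return allowedProtocols.has(parsed.protocol) ? parsed.href : null;
}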
import sanitizeHrefUrl from './sanitizeHrefUrl';

// Contract for sanitizeHrefUrl: rejected inputs yield null, accepted inputs
// yield the string that may be placed in an href.
describe('sanitizeHrefUrl', () => {
  test('blocks javascript: and data: URLs (case/whitespace/control chars)', () => {
    // Includes mixed case, surrounding spaces and an embedded NUL.
    const rejected = [
      'javascript:alert(1)',
      ' JaVaScRiPt:alert(1) ',
      'java\u0000script:alert(1)',
      'data:text/html,<svg onload=alert(1)>',
      'vbscript:msgbox(1)',
    ];
    for (const href of rejected) {
      expect(sanitizeHrefUrl(href)).toBe(null);
    }
  });

  test('blocks protocol-relative and backslash URLs', () => {
    const rejected = ['//evil.com', '\\\\evil.com'];
    for (const href of rejected) {
      expect(sanitizeHrefUrl(href)).toBe(null);
    }
  });

  test('allows relative URLs and fragments', () => {
    // Relative references are expected back unchanged.
    const unchanged = [
      '/settings',
      './settings',
      '../settings',
      '?q=test',
      '#section',
      'profile',
    ];
    for (const href of unchanged) {
      expect(sanitizeHrefUrl(href)).toBe(href);
    }
  });

  test('allows http(s), mailto, tel', () => {
    // [input, expected]; the bare origin is expected with a trailing slash.
    const accepted = [
      ['https://example.com', 'https://example.com/'],
      ['https://example.com/path', 'https://example.com/path'],
      ['mailto:hi@example.com', 'mailto:hi@example.com'],
      ['tel:+15551234567', 'tel:+15551234567'],
    ];
    for (const [href, expected] of accepted) {
      expect(sanitizeHrefUrl(href)).toBe(expected);
    }
  });

  test('returns null for empty input', () => {
    for (const href of ['', ' ']) {
      expect(sanitizeHrefUrl(href)).toBe(null);
    }
  });
});