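/** Schemes an absolute link target may use; anything else is rejected. */
const ALLOWED_HREF_PROTOCOLS = new Set(['http:', 'https:', 'mailto:', 'tel:']);

/**
 * Validates a candidate `href` value against a scheme allowlist.
 *
 * Accepts relative references (paths, queries, fragments) and absolute URLs
 * whose scheme is http, https, mailto or tel. Everything else, including
 * `javascript:`, `data:` and `vbscript:`, is rejected because the check is an
 * allowlist rather than a blocklist.
 *
 * The function does not restrict which host an http(s) URL points to, and the
 * returned string still has to be attribute-encoded by whatever renders it.
 *
 * @param {unknown} input - Untrusted link target.
 * @returns {string | null} The trimmed relative reference, the normalised
 *   absolute URL (`URL#href`), or `null` when the input is not acceptable.
 */
export default function sanitizeHrefUrl(input) {
  if (typeof input !== 'string') {
    return null;
  }

  const candidate = input.trim();
  if (candidate === '') {
    return null;
  }

  // URL parsers strip tab/CR/LF from the middle of a URL, so a scheme split by
  // a control character can still resolve to a script URL. Refuse them all.
  if (/[\u0000-\u001F\u007F]/.test(candidate)) {
    return null;
  }

  // Two leading slashes or backslashes in any mix form a network-path
  // reference (browsers treat "\" like "/"), which leaves the current origin.
  if (/^[\\/]{2}/.test(candidate)) {
    return null;
  }

  // A ":" that appears before any "/", "?" or "#" introduces a scheme.
  // Without one the value is a relative reference and is returned unchanged.
  const delimiterIndex = candidate.search(/[:/?#]/);
  const hasScheme = delimiterIndex !== -1 && candidate[delimiterIndex] === ':';
  if (!hasScheme) {
    return candidate;
  }

  let parsed;
  try {
    parsed = new URL(candidate);
  } catch {
    // Not a well-formed absolute URL (for example a malformed scheme).
    return null;
  }

  // Decide on the parser's own view of the scheme, not on string matching.
  if (!ALLOWED_HREF_PROTOCOLS.has(parsed.protocol)) {
    return null;
  }

  return parsed.href;
}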
import sanitizeHrefUrl from './sanitizeHrefUrl';
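// Contract for sanitizeHrefUrl: unsafe or empty input yields null; relative
// references come back unchanged; allowed absolute URLs come back normalised.
describe('sanitizeHrefUrl', () => {
  test('blocks javascript: and data: URLs (case/whitespace/control chars)', () => {
    expect(sanitizeHrefUrl('javascript:alert(1)')).toBe(null);
    expect(sanitizeHrefUrl(' JaVaScRiPt:alert(1) ')).toBe(null);
    expect(sanitizeHrefUrl('java\u0000script:alert(1)')).toBe(null);
    // URL parsers drop tab and newline characters inside a URL, so a scheme
    // split by one must be rejected as well.
    expect(sanitizeHrefUrl('java\tscript:alert(1)')).toBe(null);
    expect(sanitizeHrefUrl('java\nscript:alert(1)')).toBe(null);
    expect(sanitizeHrefUrl('data:text/html,<svg onload=alert(1)>')).toBe(null);
    expect(sanitizeHrefUrl('vbscript:msgbox(1)')).toBe(null);
  });

  // Pins allowlist behaviour: a blocklist of known-bad schemes would pass the
  // cases above but let these through.
  test('blocks schemes outside the allowlist', () => {
    expect(sanitizeHrefUrl('ftp://example.com/file')).toBe(null);
    expect(sanitizeHrefUrl('file:///tmp/example')).toBe(null);
  });

  test('blocks protocol-relative and backslash URLs', () => {
    expect(sanitizeHrefUrl('//evil.com')).toBe(null);
    expect(sanitizeHrefUrl('\\\\evil.com')).toBe(null);
    // Browsers treat "\" like "/", so mixed prefixes are protocol-relative too.
    expect(sanitizeHrefUrl('/\\evil.com')).toBe(null);
    expect(sanitizeHrefUrl('\\/evil.com')).toBe(null);
  });

  test('allows relative URLs and fragments', () => {
    expect(sanitizeHrefUrl('/settings')).toBe('/settings');
    expect(sanitizeHrefUrl('./settings')).toBe('./settings');
    expect(sanitizeHrefUrl('../settings')).toBe('../settings');
    expect(sanitizeHrefUrl('?q=test')).toBe('?q=test');
    expect(sanitizeHrefUrl('#section')).toBe('#section');
    expect(sanitizeHrefUrl('profile')).toBe('profile');
  });

  test('allows http(s), mailto, tel', () => {
    // Absolute URLs are expected in normalised form, hence the trailing slash.
    expect(sanitizeHrefUrl('https://example.com')).toBe('https://example.com/');
    expect(sanitizeHrefUrl('https://example.com/path')).toBe('https://example.com/path');
    expect(sanitizeHrefUrl('mailto:hi@example.com')).toBe('mailto:hi@example.com');
    expect(sanitizeHrefUrl('tel:+15551234567')).toBe('tel:+15551234567');
  });

  test('returns null for empty input', () => {
    expect(sanitizeHrefUrl('')).toBe(null);
    expect(sanitizeHrefUrl(' ')).toBe(null);
  });
});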