test: quantizor#564

SukkaW · May 13, 2024 · 839ec66 · 839ec66
1 parent b27a802
commit 839ec66
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 33 deletions.
diff --git a/index.compiler.spec.tsx b/index.compiler.spec.tsx
@@ -21,7 +21,7 @@ it('should throw if not passed a string (first arg)', () => {
   // @ts-ignore
   expect(() => compiler(1)).toThrow()
   // @ts-ignore
-  expect(() => compiler(() => {})).toThrow()
+  expect(() => compiler(() => { })).toThrow()
   // @ts-ignore
   expect(() => compiler({})).toThrow()
   // @ts-ignore
@@ -1180,9 +1180,24 @@ describe('links', () => {
     `)
   })
 
+  it('should not sanitize markdown when explicitly disabled', () => {
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
+
+    render(compiler('[foo](javascript:doSomethingBad)', { sanitization: false }))
+
+    expect(root.innerHTML).toMatchInlineSnapshot(`
+      <a href="javascript:doSomethingBad">
+        foo
+      </a>
+    `)
+
+    expect(console.warn).not.toHaveBeenCalled()
+  })
+
   it('should sanitize markdown links containing JS expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('[foo](javascript:doSomethingBad)'))
 
@@ -1196,8 +1211,8 @@ describe('links', () => {
   })
 
   it('should sanitize markdown links containing JS expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('![foo](javascript:doSomethingBad)'))
 
@@ -1207,8 +1222,8 @@ describe('links', () => {
   })
 
   it('should sanitize markdown links containing Data expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('[foo](data:doSomethingBad)'))
     expect(root.innerHTML).toMatchInlineSnapshot(`
@@ -1220,8 +1235,8 @@ describe('links', () => {
   })
 
   it('should sanitize markdown links containing VBScript expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('[foo](vbScript:doSomethingBad)'))
     expect(root.innerHTML).toMatchInlineSnapshot(`
@@ -1233,8 +1248,8 @@ describe('links', () => {
   })
 
   it('should sanitize markdown links containing encoded JS expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('[foo](javascript%3AdoSomethingBad)'))
 
@@ -1248,8 +1263,8 @@ describe('links', () => {
   })
 
   it('should sanitize markdown links containing padded JS expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('[foo](  javascript%3AdoSomethingBad)'))
 
@@ -1263,8 +1278,8 @@ describe('links', () => {
   })
 
   it('should sanitize markdown links containing padded encoded vscript expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('[foo](  VBScript%3AdoSomethingBad)'))
 
@@ -1277,17 +1292,17 @@ describe('links', () => {
   })
 
   it('should sanitize markdown images containing padded encoded vscript expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('![foo](  VBScript%3AdoSomethingBad)'))
     expect(root.innerHTML).toMatchInlineSnapshot(`<img alt="foo">`)
     expect(console.warn).toHaveBeenCalled()
   })
 
   it('should sanitize markdown links containing padded encoded data expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('[foo](`<data:doSomethingBad)'))
     expect(root.innerHTML).toMatchInlineSnapshot(`
@@ -1299,17 +1314,17 @@ describe('links', () => {
   })
 
   it('should sanitize markdown images containing padded encoded data expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('![foo](`<data:doSomethingBad)'))
     expect(root.innerHTML).toMatchInlineSnapshot(`<img alt="foo">`)
     expect(console.warn).toHaveBeenCalled()
   })
 
   it('should sanitize markdown links containing invalid characters', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('[foo](https://google.com/%AF)'))
 
@@ -1322,8 +1337,8 @@ describe('links', () => {
   })
 
   it('should sanitize html links containing JS expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('<a href="javascript:doSomethingBad">foo</a>'))
 
@@ -1337,8 +1352,8 @@ describe('links', () => {
   })
 
   it('should sanitize html links containing encoded, prefixed data expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('<a href="<`data:doSomethingBad">foo</a>'))
     expect(root.innerHTML).toMatchInlineSnapshot(`
@@ -1350,8 +1365,8 @@ describe('links', () => {
   })
 
   it('should sanitize html images containing encoded, prefixed JS expressions', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     // TODO: something is off on parsing here, because this prints:
     // console.error("Warning: Unknown prop `javascript:alert` on <img> tag"...)
@@ -1367,8 +1382,8 @@ describe('links', () => {
   })
 
   it('should sanitize html images containing weird parsing src=s', () => {
-    jest.spyOn(console, 'warn').mockImplementation(() => {})
-    jest.spyOn(console, 'error').mockImplementation(() => {})
+    jest.spyOn(console, 'warn').mockImplementation(() => { })
+    jest.spyOn(console, 'error').mockImplementation(() => { })
 
     render(compiler('<img src="`<src="javascript:alert(`xss`)">`'))
     expect(root.innerHTML).toMatchInlineSnapshot(`

diff --git a/index.tsx b/index.tsx
@@ -1147,8 +1147,7 @@ export function compiler(
     : namedCodesToUnicode
 
   // If "sanitization" is not explicitly set to false, it will be enabled by default
-  const enableSanitization = options.sanitization !== false
-  let sanitizeUrlFn = enableSanitization ? defaultSanitizeUrl : identity
+  let sanitizeUrlFn = options.sanitization !== false ? defaultSanitizeUrl : identity
 
   const createElementFn = options.createElement || React.createElement