jeremy.herve.bzh / skypress
A calm place to write long-form, and publish it to the open social web. skypress.blog/
0
Fork 0

Configure Feed

Select the types of activity you want to include in your feed.

skypress / src / lib / reader / record-json.test.ts
at trunk 943 B View raw
Jeremy Herve Add renderRecordJson: serialize, highlight, sanitise record value
436470f2
1import { describe, expect, it } from 'vitest'; 2import { renderRecordJson } from './record-json'; 3 4describe( 'renderRecordJson', () => { 5 it( 'pretty-prints the value with two-space indentation and highlights it', () => { 6 const out = renderRecordJson( { title: 'Hello', tags: [ 'a' ] } ); 7 // Two-space indentation survives into the highlighted markup. 8 expect( out ).toContain( '\n ' ); 9 expect( out ).toContain( '<code class="hljs language-json">' ); 10 expect( out ).toContain( 'hljs-' ); 11 } ); 12 13 it( 'highlights then sanitises — a hostile string value yields no raw tags', () => { 14 const out = renderRecordJson( { x: '<img src=x onerror=alert(1)>' } ); 15 // The angle brackets are escaped to text; no live <img> survives. 16 expect( out ).not.toContain( '<img' ); 17 expect( out ).toContain( '&lt;img' ); 18 // The sanitiser keeps the highlight markup (code/span/class are allowlisted). 19 expect( out ).toContain( 'hljs' ); 20 } ); 21} );