| author | kj_sh604 | 2026-03-15 16:19:35 -0400 |
|---|---|---|
| committer | kj_sh604 | 2026-03-15 16:19:35 -0400 |
| commit | 6ec259a0e71174651bae95d4628138bf6fd68742 (patch) | |
| tree | 5e33c6a5ec091ecabfcb257fdc7b6a88ed8754ac /packages/excalidraw/data/url.test.tsx | |
| parent | 16c8578b15c727f22921f8a80a56ee4d4e7f2272 (diff) | |
refactor: packages/
Diffstat (limited to 'packages/excalidraw/data/url.test.tsx')
| -rw-r--r-- | packages/excalidraw/data/url.test.tsx | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/packages/excalidraw/data/url.test.tsx b/packages/excalidraw/data/url.test.tsx
new file mode 100644
index 0000000..9a40aad
--- /dev/null
+++ b/packages/excalidraw/data/url.test.tsx
@@ -0,0 +1,31 @@
+import { normalizeLink } from "./url";
+
+describe("normalizeLink", () => {
+ // NOTE not an extensive XSS test suite, just to check if we're not
+ // regressing in sanitization
+ it("should sanitize links", () => {
+ expect(
+ // eslint-disable-next-line no-script-url
+ normalizeLink(`javascript://%0aalert(document.domain)`).startsWith(
+ // eslint-disable-next-line no-script-url
+ `javascript:`,
+ ),
+ ).toBe(false);
+ expect(normalizeLink("ola")).toBe("ola");
+ expect(normalizeLink(" ola")).toBe("ola");
+
+ expect(normalizeLink("https://www.excalidraw.com")).toBe(
+ "https://www.excalidraw.com",
+ );
+ expect(normalizeLink("www.excalidraw.com")).toBe("www.excalidraw.com");
+ expect(normalizeLink("/ola")).toBe("/ola");
+ expect(normalizeLink("http://test")).toBe("http://test");
+ expect(normalizeLink("ftp://test")).toBe("ftp://test");
+ expect(normalizeLink("file://")).toBe("file://");
+ expect(normalizeLink("file://")).toBe("file://");
+ expect(normalizeLink("[test](https://test)")).toBe("[test](https://test)");
+ expect(normalizeLink("[[test]]")).toBe("[[test]]");
+ expect(normalizeLink("<test>")).toBe("<test>");
+ expect(normalizeLink("test&")).toBe("test&");
+ });
+}); |
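Review bot: The only rejecting assertion in `should sanitize links` covers a single lowercase `javascript:` input, so a regression in how `normalizeLink` handles scheme case or other script-capable schemes would still pass this suite. Adding one or two more negative cases next to the first `expect` would close that gap, for example `expect(normalizeLink("JavaScript:alert(1)").toLowerCase().startsWith("javascript:")).toBe(false);` and `expect(normalizeLink("data:text/html,x").startsWith("data:")).toBe(false);`, keeping the existing `no-script-url` disable comment where the linter asks for it. The expected result of the second case is an assumption about the sanitizer that should be confirmed against `./url` before it is pinned. The `file://` assertion also appears twice verbatim, so the second copy adds no coverage and was presumably meant to use a different input. Since the test pins `file://` and `ftp://` as passing through unchanged, a short comment stating that this is intended would stop a later reader from mistaking it for an oversight.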
