(
tag: string,
prop: string,
value: any,
expectedSanitizedValue: any,
bypassFn: Function,
isAttribute: boolean = true,
throws: boolean = false,
)
| 1662 | return value; |
| 1663 | } |
| 1664 | function verify( |
| 1665 | tag: string, |
| 1666 | prop: string, |
| 1667 | value: any, |
| 1668 | expectedSanitizedValue: any, |
| 1669 | bypassFn: Function, |
| 1670 | isAttribute: boolean = true, |
| 1671 | throws: boolean = false, |
| 1672 | ) { |
| 1673 | it(`should sanitize <${tag} ${prop}> ${isAttribute ? 'properties' : 'attributes'} (value=${value})`, () => { |
| 1674 | @Directive({ |
| 1675 | selector: '[unsafeUrlHostBindingDir]', |
| 1676 | host: { |
| 1677 | [`[${isAttribute ? 'attr.' : ''}${prop}]`]: 'value', |
| 1678 | }, |
| 1679 | standalone: false, |
| 1680 | }) |
| 1681 | class UnsafeDir { |
| 1682 | value: any = value; |
| 1683 | } |
| 1684 | |
| 1685 | @Component({ |
| 1686 | template: `<${tag} unsafeUrlHostBindingDir></${tag}>`, |
| 1687 | standalone: false, |
| 1688 | |
| 1689 | changeDetection: ChangeDetectionStrategy.Eager, |
| 1690 | }) |
| 1691 | class App { |
| 1692 | @ViewChild(UnsafeDir) unsafeDir!: UnsafeDir; |
| 1693 | } |
| 1694 | |
| 1695 | TestBed.configureTestingModule({declarations: [App, UnsafeDir]}); |
| 1696 | const fixture = TestBed.createComponent(App); |
| 1697 | fixture.detectChanges(); |
| 1698 | const el = fixture.nativeElement.querySelector(tag)!; |
| 1699 | const current = () => (isAttribute ? el.getAttribute(prop) : (el as any)[prop]); |
| 1700 | |
| 1701 | fixture.componentInstance.unsafeDir.value = value; |
| 1702 | fixture.detectChanges(); |
| 1703 | expect(current()).toEqual(expectedSanitizedValue); |
| 1704 | |
| 1705 | fixture.componentInstance.unsafeDir.value = bypassFn(value); |
| 1706 | if (throws) { |
| 1707 | expect(() => fixture.detectChanges()).toThrowError(/Required a safe URL, got a \w+/); |
| 1708 | } else { |
| 1709 | fixture.detectChanges(); |
| 1710 | expect(current()).toEqual(bypassFn == identity ? expectedSanitizedValue : value); |
| 1711 | } |
| 1712 | }); |
| 1713 | } |
| 1714 | |
| 1715 | verify( |
| 1716 | 'a', |
no test coverage detected
searching dependent graphs…