add _update unit test too

theopensystemslab · Nov 24, 2023 · 6437fa5 · 6437fa5
1 parent 7b1c927
commit 6437fa5
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/editor.planx.uk/src/@planx/graph/__tests__/update.test.ts b/editor.planx.uk/src/@planx/graph/__tests__/update.test.ts
@@ -26,6 +26,29 @@ describe("updating", () => {
       expect(ops).toEqual([]);
     });
 
+    test("doesn't save unsafe data", () => {
+      const [graph, ops] = update("a", {
+        description: "<p>Test<img src=x onerror=prompt('Stored XSS')/></p>",
+      })({
+        a: {
+          data: {
+            text: "efef",
+          },
+        },
+      });
+
+      expect(graph).toEqual({
+        a: {
+          data: {
+            text: "efef",
+            description: `<p>Test<img src="x"></p>`,
+          },
+        },
+      });
+
+      expect(ops).toEqual([{ oi: `<p>Test<img src="x"></p>`, p: ["a", "data", "description"] }]);
+    });
+
     test("add a field to a without affecting existing data", () => {
       const [graph, ops] = update("a", { foo: "bar" })({
         a: {