marco/open-design
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5dd70b5016
open-design/apps/web/tests/artifacts/markdown.test.ts
marco 5dd70b5016
Some checks failed
ci / Validate workspace (push) Successful in 12m32s
Details
landing-page-ci / Validate landing page (push) Successful in 9m41s
Details
landing-page-deploy / Deploy landing page (push) Failing after 5m23s
Details
github-metrics / Generate repository metrics SVG (push) Failing after 2m3s
Details
refresh-contributors-wall / Refresh contributors wall cache bust (push) Failing after 11s
Details
Initial import: open-design source for helix-mind.ai distribution 
This repository contains the open-design daemon CLI source code, built
and packaged at https://helix-mind.ai/cli/open-design/latest.tgz for use
by the HelixMind /design slash command.

Licenses: Apache-2.0 (root) + MIT (skills/*)
2026-05-06 20:50:24 +02:00

72 lines
2.7 KiB
TypeScript
Raw Blame History

import { describe, expect, it } from 'vitest';
import { renderMarkdownToSafeHtml } from '../../src/artifacts/markdown';
describe('renderMarkdownToSafeHtml', () => {
it('renders common markdown blocks', () => {
const md = [
'# Title',
'',
'Paragraph with **bold** and *italic* and `code`.',
'',
'- one',
'- two',
'',
'1. first',
'2. second',
'',
'> note line',
'',
'```',
'const x = 1 < 2;',
'```',
].join('\n');
const out = renderMarkdownToSafeHtml(md);
expect(out).toContain('<h1>Title</h1>');
expect(out).toContain('<p>Paragraph with <strong>bold</strong> and <em>italic</em> and <code>code</code>.</p>');
expect(out).toContain('<ul><li>one</li><li>two</li></ul>');
expect(out).toContain('<ol><li>first</li><li>second</li></ol>');
expect(out).toContain('<blockquote>note line</blockquote>');
expect(out).toContain('<pre><code>const x = 1 &lt; 2;</code></pre>');
});
it('escapes raw html', () => {
const out = renderMarkdownToSafeHtml('<script>alert(1)</script>');
expect(out).toContain('&lt;script&gt;alert(1)&lt;/script&gt;');
expect(out).not.toContain('<script>');
});
it('renders safe links with target attributes', () => {
const out = renderMarkdownToSafeHtml('[Open](https://example.com)');
expect(out).toContain('<a href="https://example.com" rel="noreferrer noopener" target="_blank">Open</a>');
});
it('keeps underscores inside href intact', () => {
const out = renderMarkdownToSafeHtml('[x](https://example.com/a_b_c)');
expect(out).toContain('<a href="https://example.com/a_b_c" rel="noreferrer noopener" target="_blank">x</a>');
expect(out).not.toContain('<em>b</em>');
});
it('escapes raw html inside link text', () => {
const out = renderMarkdownToSafeHtml('[<img src=x onerror=alert(1)>](https://example.com)');
expect(out).toContain('&lt;img src=x onerror=alert(1)&gt;');
expect(out).not.toContain('<img ');
});
it('keeps markdown emphasis markers literal inside inline code', () => {
const out = renderMarkdownToSafeHtml('Use `**literal**` and `_literal_` as code.');
expect(out).toContain('<code>**literal**</code>');
expect(out).toContain('<code>_literal_</code>');
expect(out).not.toContain('<code><strong>literal</strong></code>');
expect(out).not.toContain('<code><em>literal</em></code>');
});
it('does not render unsafe link protocols', () => {
const out = renderMarkdownToSafeHtml('[Bad](javascript:alert(1))');
expect(out).toContain('<p>Bad)</p>');
expect(out).not.toContain('javascript:');
expect(out).not.toContain('<a ');
});
});
Reference in New Issue View Git Blame Copy Permalink