veza/apps/web/src/utils/sanitize.test.ts

/**
 * Tests for Sanitize Utility
 * FE-TEST-004: Test sanitize utility functions
 */

import { describe, it, expect, vi, beforeEach } from 'vitest';
import {
  sanitizeHTML,
  sanitizeChatMessage,
  sanitizeTextInput,
  sanitizeURL,
  sanitizeEmail,
  validatePassword,
} from './sanitize';

// Mock DOMPurify
vi.mock('dompurify', () => ({
  default: {
    isSupported: true,
    sanitize: vi.fn((html: string) =>
      html.replace(/<script[^>]*>.*?<\/script>/gi, ''),
    ),
  },
}));

describe('sanitize utilities', () => {
  describe('sanitizeHTML', () => {
    it('should remove script tags', () => {
      const input = '<p>Hello</p><script>alert("xss")</script>';
      const result = sanitizeHTML(input);
      expect(result).not.toContain('<script>');
    });

    it('should escape HTML tags (sanitizeHTML escapes all HTML)', () => {
      const input = '<p>Hello <strong>world</strong></p>';
      const result = sanitizeHTML(input);
      // sanitizeHTML escapes all HTML, so tags become entities
      expect(result).toContain('&lt;');
      expect(result).toContain('Hello');
    });

    it('should remove dangerous patterns', () => {
      const input = '<p onclick="alert(1)">Hello</p>';
      const result = sanitizeHTML(input);
      expect(result).not.toContain('onclick');
    });
  });

  describe('sanitizeChatMessage', () => {
    it('should sanitize chat messages', () => {
      const input = '<p>Hello <script>alert("xss")</script></p>';
      const result = sanitizeChatMessage(input);
      expect(result).not.toContain('<script>');
    });

    it('should preserve basic formatting', () => {
      const input = '<p>Hello <strong>world</strong></p>';
      const result = sanitizeChatMessage(input);
      expect(result).toContain('<p>');
      expect(result).toContain('<strong>');
    });
  });

  describe('sanitizeTextInput', () => {
    it('should escape HTML', () => {
      const input = '<script>alert("xss")</script>';
      const result = sanitizeTextInput(input);
      expect(result).not.toContain('<script>');
      expect(result).toContain('&lt;');
    });

    it('should trim input', () => {
      expect(sanitizeTextInput('  hello  ')).toBe('hello');
    });
  });

  describe('sanitizeURL', () => {
    it('should allow http URLs', () => {
      const result = sanitizeURL('http://example.com');
      // URL.toString() adds trailing slash
      expect(result).toBe('http://example.com/');
    });

    it('should allow https URLs', () => {
      const result = sanitizeURL('https://example.com');
      // URL.toString() adds trailing slash
      expect(result).toBe('https://example.com/');
    });

    it('should reject javascript URLs', () => {
      const result = sanitizeURL('javascript:alert(1)');
      expect(result).toBeNull();
    });

    it('should reject file URLs', () => {
      const result = sanitizeURL('file:///etc/passwd');
      expect(result).toBeNull();
    });

    it('should return null for invalid URLs', () => {
      const result = sanitizeURL('not-a-url');
      expect(result).toBeNull();
    });
  });

  describe('sanitizeEmail', () => {
    it('should validate and normalize valid email', () => {
      const result = sanitizeEmail('Test@Example.COM');
      expect(result).toBe('test@example.com');
    });

    it('should return null for invalid email', () => {
      expect(sanitizeEmail('not-an-email')).toBeNull();
      expect(sanitizeEmail('test@')).toBeNull();
      expect(sanitizeEmail('@example.com')).toBeNull();
    });
  });

  describe('validatePassword', () => {
    it('should validate strong password', () => {
      const result = validatePassword('StrongP@ssw0rd123');
      expect(result.isValid).toBe(true);
      expect(result.errors).toHaveLength(0);
    });

    it('should reject short password', () => {
      const result = validatePassword('Short1!');
      expect(result.isValid).toBe(false);
      expect(result.errors.length).toBeGreaterThan(0);
    });

    it('should reject password without uppercase', () => {
      const result = validatePassword('lowercase123!');
      expect(result.isValid).toBe(false);
      expect(result.errors.some((e) => e.includes('majuscule'))).toBe(true);
    });

    it('should reject password without lowercase', () => {
      const result = validatePassword('UPPERCASE123!');
      expect(result.isValid).toBe(false);
      expect(result.errors.some((e) => e.includes('minuscule'))).toBe(true);
    });

    it('should reject password without number', () => {
      const result = validatePassword('NoNumber!');
      expect(result.isValid).toBe(false);
      expect(result.errors.some((e) => e.includes('chiffre'))).toBe(true);
    });

    it('should reject password without special character', () => {
      const result = validatePassword('NoSpecial123');
      expect(result.isValid).toBe(false);
      expect(result.errors.some((e) => e.includes('spécial'))).toBe(true);
    });

    it('should reject common weak patterns', () => {
      const result = validatePassword('Password123!');
      expect(result.isValid).toBe(false);
      expect(result.errors.some((e) => e.includes('commun'))).toBe(true);
    });
  });
});
[FE-TEST-004] test: Add unit tests for utilities - Created comprehensive unit tests for date utilities - Created comprehensive unit tests for format utilities - Created comprehensive unit tests for URL utilities - Created comprehensive unit tests for logger utility - Created comprehensive unit tests for errorMessages utility - Created comprehensive unit tests for sanitize utility - Created comprehensive unit tests for apiErrorHandler utility - Created comprehensive unit tests for apiToastHelper utility - Created comprehensive unit tests for serviceErrorHandler utility - Created comprehensive unit tests for timeoutHandler utility All tests pass (163 tests). Covers all utility functions that were missing tests. Phase: PHASE-5 Priority: P2 Progress: 241/267 (90.26%) 2025-12-25 16:09:51 +00:00			`/**`
			`* Tests for Sanitize Utility`
			`* FE-TEST-004: Test sanitize utility functions`
			`*/`

			`import { describe, it, expect, vi, beforeEach } from 'vitest';`
			`import {`
			`sanitizeHTML,`
			`sanitizeChatMessage,`
			`sanitizeTextInput,`
			`sanitizeURL,`
			`sanitizeEmail,`
			`validatePassword,`
			`} from './sanitize';`

			`// Mock DOMPurify`
			`vi.mock('dompurify', () => ({`
			`default: {`
			`isSupported: true,`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`sanitize: vi.fn((html: string) =>`
			`html.replace(/<script[^>]>.?<\/script>/gi, ''),`
			`),`
[FE-TEST-004] test: Add unit tests for utilities - Created comprehensive unit tests for date utilities - Created comprehensive unit tests for format utilities - Created comprehensive unit tests for URL utilities - Created comprehensive unit tests for logger utility - Created comprehensive unit tests for errorMessages utility - Created comprehensive unit tests for sanitize utility - Created comprehensive unit tests for apiErrorHandler utility - Created comprehensive unit tests for apiToastHelper utility - Created comprehensive unit tests for serviceErrorHandler utility - Created comprehensive unit tests for timeoutHandler utility All tests pass (163 tests). Covers all utility functions that were missing tests. Phase: PHASE-5 Priority: P2 Progress: 241/267 (90.26%) 2025-12-25 16:09:51 +00:00			`},`
			`}));`

			`describe('sanitize utilities', () => {`
			`describe('sanitizeHTML', () => {`
			`it('should remove script tags', () => {`
			`const input = '<p>Hello</p><script>alert("xss")</script>';`
			`const result = sanitizeHTML(input);`
			`expect(result).not.toContain('<script>');`
			`});`

			`it('should escape HTML tags (sanitizeHTML escapes all HTML)', () => {`
			`const input = '<p>Hello <strong>world</strong></p>';`
			`const result = sanitizeHTML(input);`
			`// sanitizeHTML escapes all HTML, so tags become entities`
			`expect(result).toContain('<');`
			`expect(result).toContain('Hello');`
			`});`

			`it('should remove dangerous patterns', () => {`
			`const input = '<p onclick="alert(1)">Hello</p>';`
			`const result = sanitizeHTML(input);`
			`expect(result).not.toContain('onclick');`
			`});`
			`});`

			`describe('sanitizeChatMessage', () => {`
			`it('should sanitize chat messages', () => {`
			`const input = '<p>Hello <script>alert("xss")</script></p>';`
			`const result = sanitizeChatMessage(input);`
			`expect(result).not.toContain('<script>');`
			`});`

			`it('should preserve basic formatting', () => {`
			`const input = '<p>Hello <strong>world</strong></p>';`
			`const result = sanitizeChatMessage(input);`
			`expect(result).toContain('<p>');`
			`expect(result).toContain('<strong>');`
			`});`
			`});`

			`describe('sanitizeTextInput', () => {`
			`it('should escape HTML', () => {`
			`const input = '<script>alert("xss")</script>';`
			`const result = sanitizeTextInput(input);`
			`expect(result).not.toContain('<script>');`
			`expect(result).toContain('<');`
			`});`

			`it('should trim input', () => {`
			`expect(sanitizeTextInput(' hello ')).toBe('hello');`
			`});`
			`});`

			`describe('sanitizeURL', () => {`
			`it('should allow http URLs', () => {`
			`const result = sanitizeURL('http://example.com');`
			`// URL.toString() adds trailing slash`
			`expect(result).toBe('http://example.com/');`
			`});`

			`it('should allow https URLs', () => {`
			`const result = sanitizeURL('https://example.com');`
			`// URL.toString() adds trailing slash`
			`expect(result).toBe('https://example.com/');`
			`});`

			`it('should reject javascript URLs', () => {`
			`const result = sanitizeURL('javascript:alert(1)');`
			`expect(result).toBeNull();`
			`});`

			`it('should reject file URLs', () => {`
			`const result = sanitizeURL('file:///etc/passwd');`
			`expect(result).toBeNull();`
			`});`

			`it('should return null for invalid URLs', () => {`
			`const result = sanitizeURL('not-a-url');`
			`expect(result).toBeNull();`
			`});`
			`});`

			`describe('sanitizeEmail', () => {`
			`it('should validate and normalize valid email', () => {`
			`const result = sanitizeEmail('Test@Example.COM');`
			`expect(result).toBe('test@example.com');`
			`});`

			`it('should return null for invalid email', () => {`
			`expect(sanitizeEmail('not-an-email')).toBeNull();`
			`expect(sanitizeEmail('test@')).toBeNull();`
			`expect(sanitizeEmail('@example.com')).toBeNull();`
			`});`
			`});`

			`describe('validatePassword', () => {`
			`it('should validate strong password', () => {`
			`const result = validatePassword('StrongP@ssw0rd123');`
			`expect(result.isValid).toBe(true);`
			`expect(result.errors).toHaveLength(0);`
			`});`

			`it('should reject short password', () => {`
			`const result = validatePassword('Short1!');`
			`expect(result.isValid).toBe(false);`
			`expect(result.errors.length).toBeGreaterThan(0);`
			`});`

			`it('should reject password without uppercase', () => {`
			`const result = validatePassword('lowercase123!');`
			`expect(result.isValid).toBe(false);`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`expect(result.errors.some((e) => e.includes('majuscule'))).toBe(true);`
[FE-TEST-004] test: Add unit tests for utilities - Created comprehensive unit tests for date utilities - Created comprehensive unit tests for format utilities - Created comprehensive unit tests for URL utilities - Created comprehensive unit tests for logger utility - Created comprehensive unit tests for errorMessages utility - Created comprehensive unit tests for sanitize utility - Created comprehensive unit tests for apiErrorHandler utility - Created comprehensive unit tests for apiToastHelper utility - Created comprehensive unit tests for serviceErrorHandler utility - Created comprehensive unit tests for timeoutHandler utility All tests pass (163 tests). Covers all utility functions that were missing tests. Phase: PHASE-5 Priority: P2 Progress: 241/267 (90.26%) 2025-12-25 16:09:51 +00:00			`});`

			`it('should reject password without lowercase', () => {`
			`const result = validatePassword('UPPERCASE123!');`
			`expect(result.isValid).toBe(false);`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`expect(result.errors.some((e) => e.includes('minuscule'))).toBe(true);`
[FE-TEST-004] test: Add unit tests for utilities - Created comprehensive unit tests for date utilities - Created comprehensive unit tests for format utilities - Created comprehensive unit tests for URL utilities - Created comprehensive unit tests for logger utility - Created comprehensive unit tests for errorMessages utility - Created comprehensive unit tests for sanitize utility - Created comprehensive unit tests for apiErrorHandler utility - Created comprehensive unit tests for apiToastHelper utility - Created comprehensive unit tests for serviceErrorHandler utility - Created comprehensive unit tests for timeoutHandler utility All tests pass (163 tests). Covers all utility functions that were missing tests. Phase: PHASE-5 Priority: P2 Progress: 241/267 (90.26%) 2025-12-25 16:09:51 +00:00			`});`

			`it('should reject password without number', () => {`
			`const result = validatePassword('NoNumber!');`
			`expect(result.isValid).toBe(false);`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`expect(result.errors.some((e) => e.includes('chiffre'))).toBe(true);`
[FE-TEST-004] test: Add unit tests for utilities - Created comprehensive unit tests for date utilities - Created comprehensive unit tests for format utilities - Created comprehensive unit tests for URL utilities - Created comprehensive unit tests for logger utility - Created comprehensive unit tests for errorMessages utility - Created comprehensive unit tests for sanitize utility - Created comprehensive unit tests for apiErrorHandler utility - Created comprehensive unit tests for apiToastHelper utility - Created comprehensive unit tests for serviceErrorHandler utility - Created comprehensive unit tests for timeoutHandler utility All tests pass (163 tests). Covers all utility functions that were missing tests. Phase: PHASE-5 Priority: P2 Progress: 241/267 (90.26%) 2025-12-25 16:09:51 +00:00			`});`

			`it('should reject password without special character', () => {`
			`const result = validatePassword('NoSpecial123');`
			`expect(result.isValid).toBe(false);`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`expect(result.errors.some((e) => e.includes('spécial'))).toBe(true);`
[FE-TEST-004] test: Add unit tests for utilities - Created comprehensive unit tests for date utilities - Created comprehensive unit tests for format utilities - Created comprehensive unit tests for URL utilities - Created comprehensive unit tests for logger utility - Created comprehensive unit tests for errorMessages utility - Created comprehensive unit tests for sanitize utility - Created comprehensive unit tests for apiErrorHandler utility - Created comprehensive unit tests for apiToastHelper utility - Created comprehensive unit tests for serviceErrorHandler utility - Created comprehensive unit tests for timeoutHandler utility All tests pass (163 tests). Covers all utility functions that were missing tests. Phase: PHASE-5 Priority: P2 Progress: 241/267 (90.26%) 2025-12-25 16:09:51 +00:00			`});`

			`it('should reject common weak patterns', () => {`
			`const result = validatePassword('Password123!');`
			`expect(result.isValid).toBe(false);`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`expect(result.errors.some((e) => e.includes('commun'))).toBe(true);`
[FE-TEST-004] test: Add unit tests for utilities - Created comprehensive unit tests for date utilities - Created comprehensive unit tests for format utilities - Created comprehensive unit tests for URL utilities - Created comprehensive unit tests for logger utility - Created comprehensive unit tests for errorMessages utility - Created comprehensive unit tests for sanitize utility - Created comprehensive unit tests for apiErrorHandler utility - Created comprehensive unit tests for apiToastHelper utility - Created comprehensive unit tests for serviceErrorHandler utility - Created comprehensive unit tests for timeoutHandler utility All tests pass (163 tests). Covers all utility functions that were missing tests. Phase: PHASE-5 Priority: P2 Progress: 241/267 (90.26%) 2025-12-25 16:09:51 +00:00			`});`
			`});`
			`});`