# Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/ require 'rails_helper' RSpec.describe HtmlSanitizer::Strict, :aggregate_failures do def sanitize(input, external: false) described_class.new.sanitize(input, external: external, timeout: false) end describe('#sanitize') do it 'performs various XSS checks' do # rubocop:disable RSpec/ExampleLength expect(sanitize('
test
')).to eq('
test
') expect(sanitize('123')).to eq('123') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('123123')).to eq('123123') expect(sanitize('123123abc')).to eq('123123abc') expect(sanitize('123')).to eq('123') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('">')).to eq('">') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('')).to eq('') expect(sanitize('<')).to eq('<') expect(sanitize('')).to eq('') expect(sanitize('