36 lines
1004 B
TypeScript
36 lines
1004 B
TypeScript
|
import express from "express"
|
||
|
import { errorHandler } from "../../../../src/node/routes/errors"
|
||
|
|
||
|
describe("error page is rendered for text/html requests", () => {
|
||
|
it("escapes any html in the error messages", async () => {
|
||
|
const next = jest.fn()
|
||
|
const err = {
|
||
|
code: "ENOENT",
|
||
|
statusCode: 404,
|
||
|
message: ";>hello<script>alert(1)</script>",
|
||
|
}
|
||
|
const req = createRequest()
|
||
|
const res = {
|
||
|
status: jest.fn().mockReturnValue(this),
|
||
|
send: jest.fn().mockReturnValue(this),
|
||
|
set: jest.fn().mockReturnValue(this),
|
||
|
} as unknown as express.Response
|
||
|
|
||
|
await errorHandler(err, req, res, next)
|
||
|
expect(res.status).toHaveBeenCalledWith(404)
|
||
|
expect(res.send).toHaveBeenCalledWith(expect.not.stringContaining("<script>"))
|
||
|
})
|
||
|
})
|
||
|
|
||
|
function createRequest(): express.Request {
|
||
|
return {
|
||
|
headers: {
|
||
|
accept: ["text/html"],
|
||
|
},
|
||
|
originalUrl: "http://example.com/test",
|
||
|
query: {
|
||
|
to: "test",
|
||
|
},
|
||
|
} as unknown as express.Request
|
||
|
}
|