this is a readme
');
+ });
+
+ test('should handle wrong text', () => {
+ expect(parseReadme(undefined)).toBeUndefined();
+ });
+
+ describe('basic parsing', () => {
+ test('should parse basic', () => {
+ expect(parseReadme('# hi')).toEqual(`[XSS](j a v a s c r i p t:prompt(document.cookie))
');
+ });
+
+ test('xss / data test/html', () => {
+ expect(parseReadme('[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)')).toEqual('');
+ });
+
+ test('xss / data test/html encoded', () => {
+ expect(parseReadme('[XSS](javascript:alert('XSS'))')).toEqual('');
+ });
+
+ test('xss / js prompt', () => {
+ expect(parseReadme('[XSS]: (javascript:prompt(document.cookie))')).toEqual('');
+ });
+
+ test('xss / js window error alert', () => {
+ expect(parseReadme('[XSS](javascript:window.onerror=alert;throw%20document.cookie)')).toEqual('');
+ });
+
+ test('xss / js window encoded prompt', () => {
+ expect(parseReadme('[XSS](javascript://%0d%0aprompt(1))')).toEqual('');
+ });
+
+ test('xss / js window encoded prompt multiple statement', () => {
+ expect(parseReadme('[XSS](javascript://%0d%0aprompt(1);com)')).toEqual('');
+ });
+
+ test('xss / js window encoded window error alert multiple statement', () => {
+ expect(parseReadme('[XSS](javascript:window.onerror=alert;throw%20document.cookie)')).toEqual('');
+ });
+
+ test('xss / js window encoded window error alert throw error', () => {
+ expect(parseReadme('[XSS](javascript://%0d%0awindow.onerror=alert;throw%20document.cookie)')).toEqual('');
+ });
+
+ test('xss / js window encoded data text/html base 64', () => {
+ expect(parseReadme('[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)')).toEqual('');
+ });
+
+ test('xss / js vbscript alert', () => {
+ expect(parseReadme('[XSS](vbscript:alert(document.domain))')).toEqual('');
+ });
+
+ describe('xss / js alert this', () => {
+ test('xss / js case #1', () => {
+ expect(parseReadme('[XSS](javascript:this;alert(1))')).toEqual('');
+ });
+
+ test('xss / js case #2', () => {
+ expect(parseReadme('[XSS](javascript:this;alert(1))')).toEqual('');
+ });
+
+ test('xss / js case #3', () => {
+ expect(parseReadme('[XSS](javascript:this;alert(1))')).toEqual('');
+ });
+
+ test('xss / js case #4', () => {
+ expect(parseReadme('[XSS](Javascript:alert(1))')).toEqual('');
+ });
+
+ test('xss / js case #5', () => {
+ expect(parseReadme('[XSS](Javas%26%2399;ript:alert(1))')).toEqual('');
+ });
+
+ test('xss / js case #6', () => {
+ expect(parseReadme('[XSS](javascript:alert(1))')).toEqual('');
+ });
+ });
+
+ test('xss / js confirm', () => {
+ expect(parseReadme('[XSS](javascript:confirm(1)')).toEqual('');
+ });
+
+ describe('xss / js url', () => {
+ test('xss / case #1', () => {
+ expect(parseReadme('[XSS](javascript://www.google.com%0Aprompt(1))')).toEqual('');
+ });
+
+ test('xss / case #2', () => {
+ expect(parseReadme('[XSS](javascript://%0d%0aconfirm(1);com)')).toEqual('');
+ });
+
+ test('xss / case #3', () => {
+ expect(parseReadme('[XSS](javascript:window.onerror=confirm;throw%201)')).toEqual('');
+ });
+
+ test('xss / case #4', () => {
+ expect(parseReadme('[XSS](�javascript:alert(document.domain))')).toEqual('');
+ });
+
+ test('xss / case #5', () => {
+ expect(parseReadme('![XSS](javascript:prompt(document.cookie))\\')).toEqual('\\
');
+ });
+
+ test('xss / case #6', () => {
+ expect(parseReadme('![XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)\\')).toEqual('\\
');
+ });
+
+ test('xss / case #7', () => {
+ expect(parseReadme(`![XSS'"\`onerror=prompt(document.cookie)](x)\\`)).toEqual('\\
');
+ });
+ });
+ });
+
+ describe('mix readmes / markdown', () => {
+ test('should parse marked', async () => {
+ const readme: string = await readReadme('mixed-html-mk');
+
+ expect(clean(parseReadme(readme) as string)).toEqual(`