From 2f19a344cb99bb0da70429c9ba023c242fb06808 Mon Sep 17 00:00:00 2001
From: seaerchin
Date: Wed, 12 Apr 2023 21:44:12 +0800
Subject: [PATCH] test(markdown-fixtures): add a test for DOMPurify sanitization
---
 src/fixtures/markdown-fixtures.ts | 6 ++++++
 src/utils/__tests__/markdown-utils.spec.ts | 12 ++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/src/fixtures/markdown-fixtures.ts b/src/fixtures/markdown-fixtures.ts
index ca793a7b3..ddc9203a1 100644
--- a/src/fixtures/markdown-fixtures.ts
+++ b/src/fixtures/markdown-fixtures.ts
@@ -46,3 +46,9 @@ export const maliciousJsonObject = {
 },
 pageContent: maliciousPageContent,
 }
+
+export const rawInstagramEmbedScript =
+ ''
+
+export const sanitizedInstagramEmbedScript =
+ ''
diff --git a/src/utils/__tests__/markdown-utils.spec.ts b/src/utils/__tests__/markdown-utils.spec.ts
index c8ad8e7d7..9aaa3acfd 100644
--- a/src/utils/__tests__/markdown-utils.spec.ts
+++ b/src/utils/__tests__/markdown-utils.spec.ts
@@ -8,7 +8,10 @@ import {
 maliciousMarkdownContent,
 normalJsonObject,
 maliciousJsonObject,
+ rawInstagramEmbedScript,
+ sanitizedInstagramEmbedScript,
 } from "@fixtures/markdown-fixtures"
+import { sanitizer } from "@root/services/utilServices/Sanitizer"
 
 describe("Sanitized markdown utils test", () => {
 it("should parse normal markdown content into an object successfully", () => {
@@ -36,4 +39,13 @@ describe("Sanitized markdown utils test", () => {
 normalMarkdownContent
 )
 })
+
+ it("should sanitize boolean tags with an empty string", () => {
+ // NOTE: Setting a boolean attr to an empty string is equivalent
+ // to it being true.
+ // See the HTML spec: https://html.spec.whatwg.org/#boolean-attributes
+ expect(sanitizer.sanitize(rawInstagramEmbedScript)).toBe(
+ sanitizedInstagramEmbedScript
+ )
+ })
 })
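Review bot: The new test in markdown-utils.spec.ts pins only the pass-through case: it asserts that `sanitizer.sanitize(rawInstagramEmbedScript)` equals `sanitizedInstagramEmbedScript`, and nothing in this hunk checks that markup the sanitizer is not meant to allow is still removed. The fixture names suggest a script embed is expected to survive sanitization (the fixture values are not readable here, so this is inferred). If so, a companion case asserting that a script with a different source or an inline body is stripped would stop a later loosening of the sanitizer configuration from passing unnoticed. The title also says "boolean tags" while the comment describes boolean attributes; `it("should serialize boolean attributes as an empty string", () => {` would match what the comment explains. The enclosing `describe` block starts outside this hunk, so existing negative coverage for `sanitizer` itself may be present but is not visible here.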