isomerpages · seaerchin · Apr 18, 2023 · Apr 12, 2023
diff --git a/src/fixtures/markdown-fixtures.ts b/src/fixtures/markdown-fixtures.ts
@@ -46,3 +46,9 @@ export const maliciousJsonObject = {
   },
   pageContent: maliciousPageContent,
 }
+
+export const rawInstagramEmbedScript =
+  '<script src="//www.instagram.com/embed.js" async></script>'
+
+export const sanitizedInstagramEmbedScript =
+  '<script async="" src="//www.instagram.com/embed.js"></script>'
diff --git a/src/utils/__tests__/markdown-utils.spec.ts b/src/utils/__tests__/markdown-utils.spec.ts
@@ -8,7 +8,10 @@ import {
   maliciousMarkdownContent,
   normalJsonObject,
   maliciousJsonObject,
+  rawInstagramEmbedScript,
+  sanitizedInstagramEmbedScript,
 } from "@fixtures/markdown-fixtures"
+import { sanitizer } from "@root/services/utilServices/Sanitizer"
 
 describe("Sanitized markdown utils test", () => {
   it("should parse normal markdown content into an object successfully", () => {
@@ -36,4 +39,13 @@ describe("Sanitized markdown utils test", () => {
       normalMarkdownContent
     )
   })
+
+  it("should sanitize boolean tags with an empty string", () => {
+    // NOTE: Setting a boolean attr to an empty string is equivalent
+    // to it being true.
+    // See the HTML spec: https://html.spec.whatwg.org/#boolean-attributes
+    expect(sanitizer.sanitize(rawInstagramEmbedScript)).toBe(
+      sanitizedInstagramEmbedScript
+    )
+  })
 })