chore: add tests

e2e-tests/sanitization.spec.ts

@@ -0,0 +1,21 @@
+import { expect } from '@playwright/test'
+import { test } from './fixtures'
+import { createRandomPage } from './utils'
+
+test('should not spawn any dialogs', async ({ page, block }) => {
+  await createRandomPage(page)
+
+  page.on('dialog', async dialog => {
+    expect(false).toBeTruthy()
+    await dialog.dismiss()
+  })
+
+  await page.keyboard.type('<iframe src="javascript:confirm(1);" />')
+  await block.enterNext()
+
+  await page.keyboard.type('<button id="test-xss-button" onclick="confirm(1)">Click me!</button>')
+  await block.enterNext()
+  await page.click('#test-xss-button')
+
+  expect(true).toBeTruthy()
+})

src/main/frontend/security.cljs

@@ -14,12 +14,3 @@
 (defn sanitize-html
   [html]
   (.sanitize DOMPurify html sanitization-options))
-
-;; HTML:
-;; Example 1:
-;; <script>
-;; alert('gotcha');
-;; </script>
-
-;; Example 2:
-;; <div style="padding: 20px; opacity: 0;height: 20px;" onmouseout="alert('Gotcha!')"></div>