@blazedpath/commons 0.2.2 → 0.3.1

package/blz-security/__test__/sqlInjectionGuard.test.js

@@ -1,203 +0,0 @@
-/* eslint-disable no-undef */
-const SqlInjectionGuard = require('../sqlInjectionGuard') // Adjust path as needed
-const pino = require('pino')
-
-describe('SqlInjectionGuard', () => {
-    let guard
-
-    beforeEach(() => {
-        delete process.env.blz_securityApiSanitizeOnlyLog
-        delete process.env.blz_securityApiSanitizeAllowedInputRegex
-        guard = new SqlInjectionGuard(pino({ level: 'silent' }))
-    })
-
-    test('accepts safe simple strings', () => {
-        const params = [{ name: 'username', value: 'john_doe' }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-
-    test('accepts safe identifiers with dots and dashes', () => {
-        const params = [{ name: 'email', value: 'test.user-name' }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-
-    test('blocks basic SQL injection attempt', () => {
-        const params = [{ name: 'query', value: "' OR 1=1 --" }]
-        expect(() => guard.validateParamList(params)).toThrow()
-    })
-
-    test('blocks semicolon followed by DROP statement', () => {
-        const sql = "SELECT * FROM users; DROP TABLE users;"
-        expect(() => guard.validateRawSql(sql)).toThrow()
-    })
-
-    test('blocks string with pg_sleep function', () => {
-        const sql = "SELECT pg_sleep(10);"
-        expect(() => guard.validateRawSql(sql)).toThrow()
-    })
-
-    test('blocks nested object with SQLi', () => {
-        const obj = {
-            user: {
-                comment: "'; DROP TABLE users;"
-            }
-        }
-        expect(() => guard.validateObject(obj)).toThrow()
-    })
-
-    test('blocks deep object traversal with SQLi', () => {
-        const obj = {
-            a: {
-                b: {
-                    c: "' OR '1'='1"
-                }
-            }
-        }
-        expect(() => guard.validateObject(obj)).toThrow()
-    })
-
-    test('does not block number values', () => {
-        const params = [{ name: 'count', value: 12345 }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-
-    test('does not block boolean values', () => {
-        const params = [{ name: 'active', value: true }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-
-    test('does not block empty string', () => {
-        const params = [{ name: 'description', value: '' }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-
-    test('allows <script> input when custom regex allows all characters', () => {
-        process.env.blz_securityApiSanitizeAllowedInputRegex = '^.{1,100}$'
-        guard = new SqlInjectionGuard(pino({ level: 'silent' }))
-        const params = [{ name: 'comment', value: '<script>alert("x")</script>' }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-
-    test('blocks SQL injection even if allowedInputRegex allows special characters', () => {
-        process.env.blz_securityApiSanitizeAllowedInputRegex = '^.{1,100}$'
-        guard = new SqlInjectionGuard(pino({ level: 'silent' }))
-        const params = [{ name: 'input', value: "'; DROP TABLE users;" }]
-        expect(() => guard.validateParamList(params)).toThrow()
-    })
-
-    test('only logs when onlyLog mode is enabled', () => {
-        process.env.blz_securityApiSanitizeOnlyLog = 'true'
-        guard = new SqlInjectionGuard(pino({ level: 'silent' }))
-        const params = [{ name: 'input', value: "' OR 'x'='x" }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-
-    test('ignores non-string values in validateObject', () => {
-        const obj = {
-            safe: true,
-            count: 42,
-            list: [1, 2, 3],
-            nested: {
-                values: [false, null, undefined]
-            }
-        }
-        expect(() => guard.validateObject(obj)).not.toThrow()
-    })
-
-    test('blocks string containing EXEC', () => {
-        const sql = "EXEC('SELECT * FROM users')"
-        expect(() => guard.validateRawSql(sql)).toThrow()
-    })
-
-    test('blocks string using dbms_lock.sleep', () => {
-        const sql = "SELECT dbms_lock.sleep(10) FROM dual"
-        expect(() => guard.validateRawSql(sql)).toThrow()
-    })
-
-    test('does not block special characters like = or &', () => {
-        const params = [{ name: 'filter', value: 'key=value&x=1' }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-
-    test('does not block values containing HTML but not SQL', () => {
-        const params = [{ name: 'html', value: '<b>bold</b>' }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-
-    test('throws on invalid JSON pattern in env', () => {
-        process.env.blz_securityApiSanitizeDangerousParamPatterns = 'INVALID_JSON'
-        expect(() => {
-            new SqlInjectionGuard(pino({ level: 'silent' }))
-        }).not.toThrow()
-    })
-
-    test('blocks /* comment pattern in param', () => {
-        const params = [{ name: 'q', value: '*/ DROP TABLE' }]
-        expect(() => guard.validateParamList(params)).toThrow()
-    })
-
-    test('blocks SELECT-FROM pattern', () => {
-        const params = [{ name: 'sql', value: 'SELECT * FROM users' }]
-        expect(() => guard.validateParamList(params)).toThrow()
-    })
-
-    test('blocks INSERT INTO pattern', () => {
-        const params = [{ name: 'payload', value: 'INSERT INTO table VALUES (1)' }]
-        expect(() => guard.validateParamList(params)).toThrow()
-    })
-
-    test('blocks UPDATE SET = pattern', () => {
-        const params = [{ name: 'input', value: 'UPDATE table SET name="x"' }]
-        expect(() => guard.validateParamList(params)).toThrow()
-    })
-
-    test('blocks DELETE FROM pattern', () => {
-        const params = [{ name: 'delete', value: 'DELETE FROM users' }]
-        expect(() => guard.validateParamList(params)).toThrow()
-    })
-
-    test('allows input with only < at the end', () => {
-        const params = [{ name: 'input', value: 'allowed<' }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-
-    test('allows input with only > at the beginning', () => {
-        const params = [{ name: 'input', value: '>allowed' }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-   
-    test('blocks OR with LIKE pattern', () => {
-        const params = [{ name: 'search', value: "' OR name LIKE '%admin%'" }]
-        expect(() => guard.validateParamList(params)).toThrow()
-    })
-
-    test('blocks AND with LIKE pattern', () => {
-        const params = [{ name: 'search', value: "' AND role LIKE '%user%'" }]
-        expect(() => guard.validateParamList(params)).toThrow()
-    })
-
-    test('blocks UNION SELECT statement', () => {
-        const params = [{ name: 'payload', value: "' UNION SELECT password FROM users --" }]
-        expect(() => guard.validateParamList(params)).toThrow()
-    })
-
-    test('blocks complex obfuscated SQL injection', () => {
-        const params = [{ name: 'value', value: "admin'/**/OR/**/'1'='1" }]
-        expect(() => guard.validateParamList(params)).toThrow()
-    })
-
-    test('does not block input that looks like markup but is valid by whitelist', () => {
-        const params = [{ name: 'input', value: 'example>' }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-
-    // test('blocks expression with encoded SQL keywords', () => {
-    //     const params = [{ name: 'x', value: '%53%45%4C%45%43%54 * FROM users' }] // SELECT
-    //     expect(() => guard.validateParamList(params)).toThrow()
-    // })
-
-    test('does not block input with common punctuation', () => {
-        const params = [{ name: 'text', value: 'Hello, world! How are you?' }]
-        expect(() => guard.validateParamList(params)).not.toThrow()
-    })
-})

package/blz-security/__test__/xssGuard.test.js

@@ -1,204 +0,0 @@
-const XssGuard = require('../xssGuard');
-const logger = require('pino');
-
-describe('XssGuard', () => {
-  let guard;
-
-  beforeEach(() => {
-    guard = new XssGuard(logger({ level: 'silent' }));
-  });
-
-
-  test('sanitizes buffer as String', () => {
-    const input = {"zipBinaryString":"PK\u0003\u0004\u0014\u0000\b\u0000\b\u0000݄îZ\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000:\u0000\u0000\u0000criteria-set-11-exported-2025-07-14T16:38:58.967Z1073.jsoníÝmS\u001ai¢\u0006à¿bñéLU3E7/B¾ù‚ÆZ\u0010J\u00187™ÍVÊ\u0018vŽg3š£fÏLmí?\u0005´³‰Aeiºy€ë›±Û\u0006ZáÊs?Ý÷óÏÒåíÕýèöêb0º/½úç×ÿ<ùXz\u0015ÇQéîþâþË]éU©}º·ßi\u001f–¢Òõů£Ò«R÷âöê®Ë;\u001f.îF\u001fwn®w\u0006¿Þü}´3\u001cÝÝï4wÊ;ÿuõëç›ÛûÑÇ\u001f¾ùG)*}\u001cÝ]Þ^}¾¿º¹.½*=þ±ÑoÓ=LJL*I­\\i–+É0Ž_ÅÍWIëÇÝVóçhçáx÷J^Õv_%\u001f\u001bÕúÏ?Ì>\\«\u001c7†IåU%~U¯ÿب$3\u000f÷Ç^»¯âƏI¥ñó\u000f¥Eœ¢Ò«¿üq¾n®'g«Ö¬D³NáÕÝÞçϟ®./>|\u001aŸ·áÙOíRTú|q;º¾?øú\b×_>}\u001aïÞþíòӗ»éÙI÷þp;ºøûǛÿ›~kït°w0<靖¢ÒßnGÿûet}ùûð÷ÏãÃ\u001fîtޖ¢Òè\u001fãÃß|\u001cïM¹R)¿)ÿ¹wtôþðaÛá7¿…?ŸHùæoÛ\u0019ïpùåöv|̓»›ñ¯þ§³RTº¹ý%=\\y¼ÇíèãÕýñ§½Ë˛/×÷éw?Ž>|ÿÍ«»£«Ëû«û«›/w\u00077×\u001f¯¦\u000f9}µ\u0017Ó]ÇOþ»m÷·\u0017×w\u0017—ão=Ú^úË»ÒôÕ¼+ýµ\u0014•în¾Ü^Žf\u001eä×˿f\u001fÿãèÃýÍí`ò\u0017~t{óë³;\fožÞüËèù\u001fÿeôäOŸ]Ýý}üäž9ÀÃ.O?ƒÑ/¿Ž®ïŸ{\u000eÓ=ž<Âá—ëë«ë_ž9BºÇŒ#܎ÿš¾Ì>ù£ß>®ïfoKóϜþoö˜ñÈÿÞþÄ/àë\u001džþùg\u0005öyæY<óKøv—§ñܯáÛ]f\u001cã«wË3çô»½f=›OŸn./^8Ðãf\u001cçòËÝýͯãÓ\u0016?³-yf[õ™mµg¶Õ¿Ûvu·ÿÇ\u0007Áàó§«ñ‡ÓÑ^gО|@\u001düû™>·1yncõ¹µç6Ö\u001fo¼\u001d}\u001a>ùÙ7~=ÿŠ¾Ãg·U\b>û?\u001dü©=œÛV‹;~þð¨3œþ4øÃ\u001fþl†?Í5\u0018ü\u001c¼„ÐÁ:!t`ð\u0003\u001føÀ\u0007>»a\u000f~¸cðÃ\u001fþðgCýi\u0004ëÏÑéÁûãÙü\u001c]]_\\_^]ÿ²s<º\u001eÝ^]î\u001cL€Y\u0013‹&¯\fE(BÑ:R4~\u000fþ©Û›¾\u0005‰´l‘ê\u0001‹t8¿H‡cPÖ\u0006¤C \u0001\tH@\u0002Òw Õž\u001f2N2U„#\u001cáh;8ª†Î‘A\u0012hD#\u001amFIØ\u001auú{o{GG³=z=øÓNÿâ÷ñe\fÿu?\u001aßHuqûû\u000fkÂQúʀ\u0004$ ¹’Dñò%zx>\u000bO\u001cí'ŽNËGy0\u0014WwëñLŠ’¤ÒªT*³@J’jeºé\t–Æ´ŒOÒԕÅy:9=|ð®\u0014½+íu:½éWý÷‡íý“áäëL~™uâ\u0018ÇÂulüþ\u001ctž¼Ñ_·÷:Ãד/\u0007o\u0007ÃvwçätØ>>Û\u001bö֟\u0004\u0007íÇ£3î=ó©:9i\u000fŸ¯-Ͳ0ð>‡þÛîðýÉa{¯3[Ä«ñ¦Ï\u0017¿ßfïB\b\bÇ'ÿ¤Ó99M#Àçõû÷\u000b4>ã\u001a׌϶~|Ö\b·æ!ܐp2ï4>éY‡cF[T¢\u0012•¨ôH¥f€©áYž©a³Y­\u0005›\u001ab\nS˜ÚàPð +ê[\u001c«ÝÐ/¶è\u001d½?\u0019\ffƒÕ¹¹¸NÅZ›K,¦¯G†‡!\f¹èC©C€£<\u0004\u0019\u0011¡\bE(Ú\nŠÂm‹p‘\u0003èD'ÓJ[ÈR­˜i¥…£ºÉÇv\u000e˜v®®?Ü|¹þø\"OoÞ¼yóļÒÃäÑwNŕøùy¥—´:8k\u001fžL®#}™«éK–å!\nQˆBTÆ\u001e‰¸V¯åpåCR+ÿ¹|”Þ(4Û§þø9|¼ºÜ9¹þÇÍÕåh§¼3ý]í|¸øtq}9ÚùòùãÅýè.ÃÅ\u0010ñ\u0004¦Õ^\fñÇÝR‹\u000e®ŽÎ÷\f®\u0002—kÒMv2\u001c¶OßÿqåËӐ½°;×^vmòÖº¹»\u001f}üîOœð¯÷Î?,Üï?\u001b\u0016ºŠ\"+|\tøÀ\u0007>ð/(øþtÜ\u0001_žðÅà\u0003\u001føÀ\u0007¾ à\u001böúàË\u0013¾\nøÀ\u0007>ð/(øúƒ!ør„¯Þ\u0002\u001føÀ\u0007>ð\u0005\u0005_§}\f¾<ák‚\u000f|à\u0003\u001føšãëwÁ—'|»à\u0003\u001føÀ\u0007¾°àk»¸%Wø\u001aà\u0003\u001føÀ\u0007¾ à{}¾\u000f¾<᫃\u000f|à\u0003\u001føÂ\u001añuÝǗ+|su¬<<BqÝýä#\u001fùÈ·åòEéÐ/J³Ï(ü‹Ò«_¢ôòÏ(½ÿ!Jo\u0000ŒÖï\u000eøtpµ6pfn~I\u001a9¬”]¬›O.ž\u001dWë\rnr“›Ü\f¯ù¥ˆEµÇÓ¬Tâ¤Ò¨5«²#Í\u0004˜À\u0004&0\tÌÙ`Æqe·^KâF\u0002ÌZ=\u0006&0\tL`\u0002s6˜ÆøC0Nš\u0015`Öê\u0015`\u0002\u0013˜À\u0004æºu’ŠdW\u0000f­\u0005L`\u0002\u0013˜À\u0004¦Höe0›À\u0004&0\tL`Šd_\u0006s\u0017˜À\u0004&0¹n«eˆdW\u0001f\u0003˜À\u0004&0\tL‘ìË`ց\tL`\u0002\u0013˜À\u0014ɾ\ff\r˜À\u0004&0¹në8ŠdW\u0001¦¦\u001f`\u0002\u0013˜À\u0004¦Hv\u000e05ý\u0000\u0013˜À\u0004&0E²s€©é\u0007˜À\u0004&0Ã\u0002sÒ±.’\r\u000fLM?À\u0004&0\tL‘ìË`V5ý\u0000\u0013˜À\u0004&0E²s€©é\u0007˜À\u0004&0\u0003kúéwE²!‚©é\u0007˜À\u0004&0)’\u0003LM?À\u0004&0\tL‘ì\u001c`jú\u0001&0\tÌÀÀl[Þ+H05ý\u0000\u0013˜À\u0004&0E²s€©é\u0007˜À\u0004&0)’\u0003LM?À\u0004&0\u0019\u0016˜¯Ï÷E²!‚©é\u0007˜À\u0004&0)’\u0003LM?À\u0004&0\tL‘ìË`&š~€\tL`\u00023°9ÌnO$\u001b\"˜š~€\tL`\u0002\u0013˜\"Ù9ÀÔô\u0003L`\u0002\u0013˜À\u0014ÉÎ\u0001æ\\M?\u000f0ĊóDLb\u0012“˜Ä\\¦˜Q:™\u0019¥÷™Di\u0005P”¶³Gé™ѻҰןn?žî·ß\u000fRÜèÛ\u0011k”sâ›\u000eõ–ÌñŒ£.GãÌ5Bñò‡¯gå$)\u0012ãf³Z›q\\©¬=ƃ\tÆÑ»Ò1•©Lå5Sy\u000eU\u000fº‹ZùxÛ6ŽGk\u0004$ \u0001\tHÀ@Ç¥Ç\u001d\u0002æ)`•€\u0004$ \u0001\t\u0018¦€“¤•€ù\t˜\u0010€\u0004$ \u0001Ã\u0014p2çHÀü\u0004Œ\tH@\u0002\u0012€a\n8¹ú†€ù\tX! \u0001\tH@\u0002®íR”\u0004Ì `Ü\" \u0001\tH@\u0002®íÊ\u001f\u0004Ì\"`“€\u0004$ \u0001\t¸¶E«\u0004Ì\"à.\u0001\tH@\u0002\u0012pm{m\b˜EÀ ûi\u0010ˆ@\u0004\"\u0010Å\u0014Õ\u0004Eh>•2ù\tš½S&É£à­\u001aFÁÛ&\u0000Úá&7¹¹y7Ò[tc\u0015`ր\tL`\u0002\u0013˜À´èÆË`V\tL`\u0002\u0013˜À´èÆË`&.ºALb\u0012“˜ÄÜêE3rò4¯U3âŒm9y]\"Tu‰\u0010MiJSšº86\u0017ø²–äT›Õ\u001c†‘±aäòÖnl·\u0007à\u0003\u001fø6l•(—ö¬\u0000ÌJ\u000b˜À\u0004&0\tL—ö¼\ff\u0013˜À\u0004&0\tL—ö¼\fæ.0\tL`\u0002ӕ=\"ٗÁl\u0000\u0013˜À\u0004&0)’}\u0019Ì:0\tL`\u0002\u0013˜\"ٗÁ¬\u0001\u0013˜À\u0004&0ƒ\u0002sR\u0004+’\r\u000fÌ*0\tL`\u0002\u0013˜\"ٗÁL€\tL`\u0002\u0013˜À\u0014ɾ\ff\fL`\u0002\u0013˜À\f\nÌÉ\u001a]\"ÙðÀÔô\u0003L`\u0002\u0013˜À\u0014ɾ\bfµ¥é\u0007˜À\u0004&0)’\u0003LM?À\u0004&0\u0019\u0016˜ö±H6D05ý\u0000\u0013˜À\u0004&0E²s€©é\u0007˜À\u0004&0)’\u0003LM?À\u0004&0\u0019XÓO¿+’\r\u0011LM?À\u0004&0\tL‘ì\u001c`jú\u0001&0\tL`Šdç\u0000SÓ\u000f0\tL`\u0006\u0006fÛò^A‚©é\u0007˜À\u0004&0)’\u0003LM?À\u0004&0\tL‘ìË`65ý\u0000\u0013˜À\u0004fX`¾>ß\u0017Ɇ\b¦¦\u001f`\u0002\u0013˜À\u0004¦Hv\u000e05ý\u0000\u0013˜À\u0004&0E²s€©é\u0007˜À\u0004&0\u0003›ÃìöD²!‚©é\u0007˜À\u0004&0)’\u0003LM?À\u0004&0\tL‘ì\u001c`ÎÕôóð\b3Ä|8OÄ$&1‰IÌeŠ\u0019¥“™QzŸI”V\u0000Ei;{”.œ\u0019½+\r{ýéöãé~ûý ō¾\u001d±F9'¾éPoÉ\u001cÏ8êr4ÎX#”\u000bÆgåj\\ ÆI<UuC1\u000e¦ï©~ïhú\u0006Þ{ÛÅ3žñ¼a\u0003ڃî¢h>Þ¶\u0003ÓÌ\u0005AõZ\u000eãÒ$1.]\u0016…ƒó½é]\u001f¾8Úßë \u0010…(\\'\n\u0003\u001aiºzèkB+\bE(B\u0011ŠP„ºžh\u0001Bw[\bE(B\u0011ŠP„ºÂh\u0011B›\bE(B\u0011ŠÐÐç4-–\u0012$¡»\bE(B\u0011ŠP„\nr\u0017!´P„\"\u0014¡\bE¨ w\u0011Bë\bE(B\u0011ŠÐÀ\tÜ\u000b*È\rÐ\u001aB\u0011ŠP„\"\u0014¡‚ÜE\b­\"\u0014¡\bE(B\u0011*È]„Ð\u0004¡\bE(B\u0011\u001a8¡“r?Anx„j'B(B\u0011ŠP„\nr\u0017\"T;\u0011B\u0011ŠP„\"T»\b¡\ríD\bE(B\u0011\u001a:¡“ÕZ\u0004¹á\u0011ª\b¡\bE(B\u0011*È]ˆPíD\bE(B\u0011ŠPAîB„j'B(B\u0011ŠÐàۉú]Anˆ„j'B(B\u0011ŠP„\nr\u0017\"T;\u0011B\u0011ŠP„\"T»\u0010¡Ú‰\u0010ŠP„\"4xBÛ\u0016;\u000b’PíD\bE(B\u0011ŠPAîB„j'B(B\u0011ŠP„\nr\u0017\"T;\u0011B\u0011ŠP„†Nèëó}An€„Öµ\u0013!\u0014¡\bE(B\u0005¹\u000b\u0011ª\b¡\bE(B\u0011*È]ˆPíD\bE(B\u0011\u001aü\\h·'È\r‘PíD\bE(B\u0011ŠPAîB„j'B(B\u0011ŠP„\nr\u0017\"t®v¢‡G˜aèÃyb(C\u0019ÊP†ækh”NŠFé].QZ[\u0014¥=ôQº°hô®4ìõ§Û§ûí÷ƒ48úvT\u001båœ\u0013§ÃÁ%\u0003=ã¨Ëñ9sõQmùCܳr\\-’çf³ZÛ\\žÚí\u0001Œa\fãuÂx\u000eL\u000fº‹\u0012ùxÛ6\u000eL\u0013ð\u000f|à\u0003_X£Ðã\u000eøò„/\u0006\u001føÀ\u0007>ð\u0005\u0005ß$N\u0005_~ðUÀ\u0007>ð\u000f|AÁ7™O\u0004_nðÕZà\u0003\u001føÀ\u0007¾ à›\\P\u0003¾üàk‚\u000f|à\u0003\u001føÖm!Lðeo\u0017|à\u0003\u001føÀ·n\u000b‡€/\u000b|\rð\u000f|à\u0003ߺ\u0015­‚/\u000b|uð\u000f|à\u0003ߺ\u0015Ӏ/\u000b|A\u0016̐|ä#Ÿ:™\\ëd‚’3Ÿâ—üàÌØü’S1[5\u000e¢˜­Vãúº»Ù99\u001dLßjýÞÑô½¶÷¶KR’’T¹©Ñæ\u0002hfn‰ë9 \u0019×´™.\u000bͳÁùÁ´Í´×;Ôf\nMhnjšu©VAhŒP„\"\u0014¡\bE¨u©\u0016!´‚P„\"\u0014¡\bE¨u©\u0016 ´ÚB(B\u0011ŠP„®!¸ w\u0015„6\u0011ŠP„\"\u0014¡\b\u0015ä.Bè.B\u0011ŠP„\"\u0014¡‚ÜE\bm \u0014¡\bE(Bׁ+Aî*\b­#\u0014¡\bE(B\u0011*È]„Ð\u001aB\u0011ŠP„\"\u0014¡‚ÜE\b­\"\u0014¡\bE(B×ÁfAî*\bÕN„P„\"\u0014¡\b\u0015ä.D¨v\"„\"\u0014¡\bE¨ w!Bµ\u0013!\u0014¡\bEhè„N–`\u0011ä\u0006Gh¢\b¡\bE(B\u0011*È]ˆPíD\bE(B\u0011ŠPAîB„j'B(B\u0011ŠÐàۉú]Anˆ„j'B(B\u0011ŠP„\nr\u0017\"T;\u0011B\u0011ŠP„\"T»\u0010¡Ú‰\u0010ŠP„\"4xBÛ\u0016;\u000b’PíD\bE(B\u0011ŠPAîB„j'B(B\u0011ŠP„\nr\u0017\"T;\u0011B\u0011ŠP„†Nèëó}Anˆ„j'B(B\u0011ŠP„\nr\u0017!4ÖN„P„\"\u0014¡\b\u0015ä.D¨v\"„\"\u0014¡\b\r~.´Û\u0013ä†H¨v\"„\"\u0014¡\bE¨ w!Bµ\u0013!\u0014¡\bE(B\u0005¹\u000b\u0011:W;ÑÃ#Ì0ôá<1”¡\fe(Có54J'E£ô.—(­-ŠÒ\u001eú(]X4zW\u001aöúÓíÇÓýöûA\u001a\u001c};ªrΉÓáà’žqÔåøœ¹ú¨²ü!îYÁ<7›Õ\u001ažñŒg<‡Ëó\u001c¼\u001et\u0017Eóñ¶m\u001cªVQˆB\u0014¢\u0010…¡T;(̓Â\u0004…(D!\nQ\u00188…“\u0010\u0016…ùQ\u0018£\u0010…(D!\n\u0003§p2/‰Âü(¬ \u0010…(D!\n\u0003§pr©\u000e\ns£°ÒB!\nQˆB\u0014®ÿ¢›(ÌBa\u0013…(D!\nQ¸þ˖ 0\u000b…»(D!\nQˆÂõ/~Ea\u0016\n\u001b(D!\nQˆÂõ¯ÎAa\u0016\nƒ¬Àa!\u000bYÈB\u0016\u0016\\\u0013”¥ù”ÕäGiƶšœÊäªqùT™Ür$휜\u000e¦oµ~ïhú^Û{Û%iø’î\u001d\fOÎÛé¯l0|øÓô\u001fƒŸ\u0006ýöéa{úÿ¢ÃöÃ~/c›íˆ<V뺤J9£Øj%{;N%\u0007z“*z—FïùÞ\u0010´ \u0005­F\u001d«x\u0005Ân‚]ìb\u0017»ØÅ®•¿Šb7Æ.v±‹]ìb×jaE±[\tsµ0îr—»ÜåîFº[ð\na9©œÓ\u0012aI«\u0015àEWg\u0005›¼Ù—/3™ÉLf²Ûrà³\u0019$Ÿ…^³œÄS\u0007]³\fT \u0002Õý´@]\u001cÔ¬-KÉn.s³‰ŒxY \u000e&ãÑñí´\u0006¦\u001cå¨õ®]’\u001cŽ¿\rþò—¿üå/]›\\¸¿uþò—¿üå/]¤\\¸¿5þò—¿ü寋•åυû[å/ùË_þòWþ\\¸¿\tùË_þò—¿òçÂýùË_þò—¿›ìïdm!ùsxþVøË_þò—¿ü•?\u0017ío³Å_þò—¿üå¯ü¹p›üå/ùËßMöw²Æ½ü9<õ_ñ—¿üå/åÏÅû«ÿŠ¿üå/ù+.Þ_ýWüå/ù»ÑþvÚÇòç\u0010ýÕÅ_þò—¿ü•?\u0017ï¯þ+þò—¿üå¯ü¹xõ_ñ—¿üåïf÷_õ»òç\u0010ýÕÅ_þò—¿ü•?\u0017ï¯þ+þò—¿üå¯ü¹pwõ_ñ—¿üåïfûÛ¶þ`þê¿â/ùË_þʟ‹÷Wÿ\u0015ùË_þòWþ\\¼¿ú¯øË_þòw£ý}}¾/\u000eÑ_ýWüå/ùË_ùsñþê¿â/ùË_þʟ‹÷Wÿ\u0015ùË_þnöüo·'\u000eÑ_ýWüå/ùË_ùsñþê¿â/ùË_þʟ‹÷w®þ«‡G˜\u0001ðÃy\u00020€\u0001\f`\u0000\u0007\fp”N\u0004Gé\rIQZŒ\u0015¥\u000b4DéBÁѻҰןn?žî·ß\u000f\u0012ðèÛñt”s¼\u000eD—¬ûŒ£.\u0005÷Fær­Z’‡í5¶/Ëö#¤#\u001dé[Iz@$›SþšÝ&v±‹]ìb\u0017»¦’‹bw\u0017»ØÅ.v±‹]3ÈE±ÛÀ.v±‹]ìnâ¼ñ±…\u001b‚d·Ž]ìb\u0017»ØÅ®¹(vkØÅ.v±‹]ì\n™‹b·Š]ìb\u0017»ØÝ@v'7\u001b\t™Ãc7Á.v±‹]ìbWÈ\\\u0014»1v±‹]ìb\u0017»Bæ¢Ø­`\u0017»ØÅ.v7ÝI³•98vëZª°‹]ìb\u0017»BæÂØÕR…]ìb\u0017»Ø\u00152\u0017Æ®–*ìb\u0017»ØÝDv'Ë(\b™ÃcWK\u0015v±‹]ìbWÈ\\\u0018»Zª°‹]ìb\u0017»BæÂØÕR…]ìb\u0017»\u001bÙR5^³WÈ\u001c\u001e»Zª°‹]ìb\u0017»BæÂØÕR…]ìb\u0017»Ø\u00152\u0017Æ®–*ìb\u0017»ØÝHvÛ\u0016þ\u000b’]-UØÅ.v±‹]!sQìÖ´Ta\u0017»ØÅ.v…Ì…±«¥\n»ØÅ.v7‘Ý×çûBæ\u0010ÙÕR…]ìb\u0017»Ø\u00152\u0017Æ®–*ìb\u0017»ØÅ®¹0vµTa\u0017»ØÅîFÎív{Bæ\u0010ÙÕR…]ìb\u0017»Ø\u00152\u0017Æ®–*ìb\u0017»ØÅ®¹0vçj©zx„\u0019î>œ'îr—»ÜånxîFé$o”ÞQ\u0014¥õUQºVB”.Ì\u001b½+\r{ýéöãé~ûý ݎ¾\u001d=G9gØé°sɨÏ8êrLÏ\\U]þPú¬`қÍj\réHG:Ò7‹ô9H>è.\níãmÛ8$®à\u0013ŸøÄ'>7qD|ÜÁgŽ|V[øÄ'>ñ‰Ï\räs\u0012\u0010ã3?>›øÄ'>ñ‰Ï\räs2ϊÏüøÜÅ'>ñ‰O|n Ÿ“Ë•ð™\u001fŸ\r|â\u0013ŸøÄçv.Z‹Ï,|Öñ‰O|â\u0013ŸÛ¹\u001c\u000f>³ðYÃ'>ñ‰O|ngÑ0>³ðYÅ'>ñ‰O|ng…\u0012>³ð\u0019d\u0015\u0012?ùÉO~òs\rª‚ò7ŸÒ¢üøÍÜZ”ä2zMè»,}\u0007\u0013}£w¥c\fc\u0018Ãê‹\fc—ïh…£\u001cå(G9ªÇˆ£‹:š´8ÊQŽr”£\n8º°£MŽr”£\u001cå¨f#Ž.ìè.G9ÊQŽrTÅ\u0011G\u0017v´ÁQŽr”£\u001cÕuÄх\u001d­s”£\u001cå(G•\u001eqtaGk\u001cå(G9ÊQíG\u001c]ØÑ*G9ÊQŽrT\r\u0012G\u0017v4Ô\u001a$‚\u0014¤ \u0005©>¤-èCJ²ö!Å­ÚÒ\u0019Þ/ÇÕ\"\u0019®îÖã\rn#l·\u0007ô¥/}Õ ÍÐsÐýy\nt{¯3|=ýûx;\u0018¶»;'§ÃöñÙÞ°w6•ú ½¨³ãÇiV*qRiԚÕÇGÙÆáo\u0005»ØÅ.v±‹Ý<ٍãÊn½–č\u0004»IÜÂ.v±‹]ìb7Ov\u001bFe<àmV°›ÄMìb\u0017»ØÅîvv\u0004\u000b™WÁî.v±‹]ìb\u0017»Bæ¢Øm`\u0017»ØÅ.v±+d.ŠÝ:v±‹]ìbw;\u0017Ð\u00112¯‚Ý\u001av±‹]ìb\u0017»Bæ¢Ø­b\u0017»ØÅ.v±+d.ŠÝ\u0004»ØÅ.v±»«Ë\n™WÁ®–*ìb\u0017»ØÅ®¹0vµTa\u0017»ØÅ.v…ÌE±[ÑR…]ìb\u0017»›ÈîdÅ\u0003!sxìj©Â.v±‹]ì\n™\u000bcWK\u0015v±‹]ìbWÈ\\\u0018»Zª°‹]ìbw#[ªú]!sˆìj©Â.v±‹]ì\n™\u000bcWK\u0015v±‹]ìbWÈ\\\u0018»Zª°‹]ìbw#Ùm[ø/HvµTa\u0017»ØÅ.v…Ì…±«¥\n»ØÅ.v±+d.Œ]-UØÅ.v±»‰ì¾>ß\u00172‡ÇnÜÒR…]ìb\u0017»Ø\u00152\u0017Æ®–*ìb\u0017»ØÅ®¹0vµTa\u0017»ØÅîFÎív{Bæ\u0010ÙÕR…]ìb\u0017»Ø\u00152\u0017Æ®–*ìb\u0017»ØÅ®¹0vçj©zx„\u0019î>œ'îr—»ÜånxîFé$o”ÞQ\u0014¥õUQºVB”.Ì\u001b½+\r{ýéöãé~ûý ݎ¾\u001d=G9gØé°sɨÏ8êrLÏ\\Õ\\þPú¬`қÍj\réHG:Ò7‹ô9H>è.\níãmÛ8$Nð‰O|â\u0013Ÿ›8\">îà3O>c|â\u0013ŸøÄç\u0006ò9\tˆñ™\u001fŸ\u0015|â\u0013ŸøÄç\u0006ò9™gÅgn|6[øÄ'>ñ‰Ï\räsr¹\u0012>ó㳉O|â\u0013ŸøÜÎEkñ™…Ï]|â\u0013ŸøÄçv.ǃÏ,|6ð‰O|â\u0013ŸÛY4ŒÏ,|Öñ‰O|â\u0013ŸÛY¡„Ï,|\u0006Y…ÄO~ò“Ÿü\\ƒ*¤ üͧ´(?~3·\u0016Õ\u001by\u0014\u0011Ö\u0014\u0011.Kß³ÁùÁä­tÜëM?oö÷:<æ1õ\u0018Y\u0000'\u0010ˆ\u0013\u0010ƒ\u0018Ä \u00061ˆ-‰³:ˆc\u0010ƒ\u0018Ä \u00061ˆ-’³:ˆ+ \u00061ˆA\fb\u001dÁ¢é•A¼Û\u00021ˆA\fb\u0010ƒX4½:ˆ› \u00061ˆA\fb\u0010‹¦W\u0007ñ.ˆA\fb\u0010ƒØú;¢éÕAÜ\u00001ˆA\fb\u0010ƒX4½:ˆë \u00061ˆA\fb\u0010‹¦W\u0007q\rÄ \u00061ˆAlm[Ñôê Ö¬\u0005b\u0010ƒ\u0018Ä \u0016M¯\u0010bÍZ \u00061ˆA\fbÑô\n!Ö¬\u0005b\u0010ƒ\u0018ÄÛ\u0001ñdm\u0007Ñtx\u0010kÖ\u00021ˆA\fb\u0010‹¦W\u0007qC³\u0016ˆA\fb\u0010ƒX4½Bˆ5k\u0018Ä \u0006ñ–4kõ»¢é\u0010!Ö¬\u0005b\u0010ƒ\u0018Ä \u0016M¯\u0010bÍZ \u00061ˆA\fbÑô\n!Ö¬\u0005b\u0010ƒ\u0018Ä[\u0002qÛ2ˆAB¬Y\u000bÄ \u00061ˆA,š^!̵@\fb\u0010ƒ\u0018Ä¢é\u0015B¬Y\u000bÄ \u00061ˆ·\u0003â×çû¢é\u0010!Ö¬\u0005b\u0010ƒ\u0018Ä \u0016M¯\u0010bÍZ \u00061ˆA\fbÑôê ®kÖ\u00021ˆA\fâ-™#îöDÓ!B¬Y\u000bÄ \u00061ˆA,š^!̵@\fb\u0010ƒ\u0018Ä¢é\u0015B<W³ÖÃ#̐øá<‘˜Ä$&1‰×Aâ(,ŽÒû™¢´r+JW…ˆÒ…‹£w¥a¯?Ý~<Ýo¿\u001f¤äÑ·#ì(çä;\u001dš.™ù\u0019G]Žò™k»jË\u001fnŸ\u0015Œ|³Y­A\u001eò‡ü¦#?\u0007Ò\u0007ÝEé}¼m\u001b‡Í5 \u0002\u0015¨@\u0005êvŒš;@Í\u0013Ô*P\nT \u0002u+@ÄÊ@Í\u000fÔ\u0004¨@\u0005*Pº\u0015 Nækš\u001f¨1P\nT \u0002u+@\\\b\u0005Ôü@­\u0000\u0015¨@\u0005*P-ê\u000bÔÌ ÖZ@\u0005*P\nTK\u0011\u00015;¨M \u0002\u0015¨@\u0005ª\u0002e f\u0007u\u0017¨@\u0005*Pªö\t¨ÙA\r²¾‰¨D%*Q‰º–õMA‰œOÑR~ glZš×ãáÙÞé`ü.ïÎ‰ò›r¥R~S\u001e\u001c\u001e\u001eÌ\u0006ypx¸óáâþò¿w.o®ÿvuûëäOôE}ûí·ßfâûoa¿Ã7®ÄÙñü©žµ\u000fO&mbÞ«3?¯ÿS}¿'”±!\u0019;cgäáß<þ=±×¬g“«u·%Ïl3`œß§Úò}J÷^x¸ø¦\\‰ËoþÓábtýñêú—Ááá‹F•g\u0002UžESyF„ƒó½á·CÃã‡ïtNN\u0007Ó/ú½£é\u0017\u000f›ŽÚí馣?¾3\u0019PN\u0006\u0015o»F–ÔÛÊQßô\u0003eîaß×»³p\u001d-¬†ha«U~Sî¿í\u000eßOe{b¤öùâ÷ñû¥ ú¾y›­‚¼Ã£Î\u0010L`2\u001c3\u001cÛ$‚’B\bZ8-Ü8‡Ò׳\u0018Dò@\u0000\u0001\b@›\u0004P\u001c8@ÿI&¸\rƒ!\u00061ˆA\fÚ$ƒ*Å\\3ñ\u001f^ÃXË§Köçé…&“¤\u001a?u±Ä\u001f\u00171>3/5y½+Ÿ˜ú~ÒɄ\u0012²µ:²\u0002Z{™tqµ\u0015 tûyH—¤š‘Žt¤#]0Ò¹Ý,‹_™\u000bQ’V\u000e~U\u0012#µ<.!|é‚AØÁ\u000ev«ÂnŽ;¹\fëŠaq\u0017‹XÄ\"\u0016±¸ú1àË+õb±\u0018\u0016\u001bXÄ\"\u0016±ˆÅ•³8Çz»X,†Å:\u0016±ˆE,bqå,αj.\u0016‹a±†E,b\u0011‹X\\9‹s¬}‹ÅbX¬b\u0011‹XÄ\"\u0016W?·øò\n¶X,†Å\u0004‹XÄ\"\u0016±¸z\u0016Û.¹\t„Å\u0018‹XÄ\"\u0016±¸r\u0016çXM\u0016‹Å°XÁ\"\u0016±ˆE,ª£ÁâW¨…·z,\u0017¹ÈE.n¥‹ù®ìº¦®®Ù\u001a°I斜¸•CŸi\u001eª>¹ò:U©JUª®CKŽJ¸,ØíÂ\u000ev°ƒ\u001dìÖ¡û\u0006vY°kÀ\u000ev°ƒ\u001dìÖ¡Ñ\u0006vY°«Ã\u000ev°ƒ\u001dìÖ¡§\u0006vY°«Á\u000ev°ƒ\u001dìÖ¡}\u0006vY°«Â\u000ev°ƒ\u001dìÖ¡S\u0006vY°K`\u0007;ØÁ\u000evëÐ\u0014\u0003»,ØÅ°ƒ\u001dì`\u0007»uè]\u0016ì*°ƒ\u001dì`\u0007»uhu]\u0006ìâ »ZhG;ÚÑNWËÒ»Z‚ÒrÍ\u001aXâŒ\r,³¬L÷^˜Ê7åV«ü¦Ü99\u001d¼?\u0019\ff[Ù¹¹¸Þ9¹¾»¿øôiüVÛ9¹»ûrq=\u0007šå™`–gQY~\u001aÉoÞª\u000bØøðê\u0016Çñð¨3¤\u001bÝè\u0016ìXîñ\u001bÅÍ\u000fÓn!0\rÏöN\u0007{\u0007ÓÞéÜ:U*tzV§ïÑ¡\u0012•¨D¥µW©\u0011îp©·wú¾÷\fG½Û«_®®'Së¢Ðä%\u0019!±ˆEëhÑãm\u0010Z\u000eBõÀ‡F$2\u001a\"\u0010\b´\u0011\u0002ýuòÞº¹½\u001f}ì?\u000f“JR/WvËqm\u00187^U›¯êÍ\u001f[õÊÏ¥ý?PK\u0007\b­ù\u0017þ’ \u0000\u0000`]\n\u0000PK\u0001\u0002-\u0003\u0014\u0000\b\u0000\b\u0000݄îZ­ù\u0017þ’ \u0000\u0000`]\n\u0000:\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000 \u0000¤\u0000\u0000\u0000\u0000criteria-set-11-exported-2025-07-14T16:38:58.967Z1073.jsonPK\u0005\u0006\u0000\u0000\u0000\u0000\u0001\u0000\u0001\u0000h\u0000\u0000\u0000ú \u0000\u0000\u0000\u0000","criteriaSetId":null};
-    const result = guard.sanitizeObject(input);
-    expect(result.zipBinaryString).toBe(input.zipBinaryString);
-  });
-
-  test('allows clean string without altering it', () => {
-    const input = { comment: 'This is a safe comment.' };
-    const result = guard.sanitizeObject(input);
-    expect(result.comment).toBe('This is a safe comment.');
-  });
-
-  test('sanitizes basic XSS attempt', () => {
-    const input = { comment: '<script>alert("xss")</script>' };
-    const result = guard.sanitizeObject(input);
-    expect(result.comment).toBe('');
-  });
-
-  test('sanitizes inline XSS', () => {
-    const input = { title: '<img src=x onerror=alert(1)>' };
-    const result = guard.sanitizeObject(input);
-    expect(result.title).toBe(''); // dompurify removes the dangerous attribute
-  });
-
-  test('sanitizes encoded XSS attempt', () => {
-    const input = { encoded: '%3Cscript%3Ealert(1)%3C%2Fscript%3E' };
-    const result = guard.sanitizeObject(input);
-    expect(result.encoded).toBe(''); // <script> is decoded and then cleaned
-  });
-
-  test('sanitizes nested objects', () => {
-    const input = {
-      level1: {
-        level2: {
-          content: '<script>evil()</script>'
-        }
-      }
-    };
-    const result = guard.sanitizeObject(input);
-    expect(result.level1.level2.content).toBe('');
-  });
-
-  test('sanitizes arrays inside objects', () => {
-    const input = {
-      tags: ['safe', '<img src=x onerror=alert(1)>']
-    };
-    const result = guard.sanitizeObject(input);
-    expect(result.tags[0]).toBe('safe');
-    expect(result.tags[1]).toBe('');
-  });
-
-  test('preserves clean strings in array', () => {
-    const input = {
-      tags: ['tag1', 'tag2', 'tag3']
-    };
-    const result = guard.sanitizeObject(input);
-    expect(result.tags).toEqual(['tag1', 'tag2', 'tag3']);
-  });
-
-  test('sanitizes SVG-based XSS', () => {
-    const input = { x: '<svg/onload=alert(1)>' };
-    const result = guard.sanitizeObject(input);
-    expect(result.x).toBe(''); // removes onload attribute
-  });
-
-  test('sanitizes strings and ignores non-string values', () => {
-    const input = {
-      num: 123,
-      bool: true,
-      nullValue: null,
-      undef: undefined,
-      notReplace: 'a < b'
-    };
-
-    const result = guard.sanitizeObject(input);
-
-    expect(result.num).toBe(123);
-    expect(result.bool).toBe(true);
-    expect(result.nullValue).toBeNull();
-    expect(result.undef).toBeUndefined();
-    expect(result.notReplace).toBe('a &lt; b');
-  });
-
-  test('sanitizes XSS in deep mixed structures', () => {
-    const input = {
-      items: [
-        { safe: 'ok' },
-        { unsafe: '<iframe src="javascript:alert(1)">' }
-      ]
-    };
-    const result = guard.sanitizeObject(input);
-    expect(result.items[1].unsafe).toBe('');
-  });
-
-  test('sanitizes <a> with javascript href', () => {
-    const input = { link: '<a href="javascript:alert(1)">click</a>' };
-    const result = guard.sanitizeObject(input);
-    expect(result.link).toBe('click');
-  });
-
-  test('removes unexpected <object> tag', () => {
-    const input = { embed: '<object data="evil.swf"></object>' };
-    const result = guard.sanitizeObject(input);
-    expect(result.embed).toBe('');
-  });
-
-  test('removes unexpected <iframe> tag', () => {
-    const input = { iframe: '<iframe src="http://malicious.com"></iframe>' };
-    const result = guard.sanitizeObject(input);
-    expect(result.iframe).toBe('');
-  });
-
-  test('removes style attribute with expression()', () => {
-    const input = { style: '<div style="width:expression(alert(1))">' };
-    const result = guard.sanitizeObject(input);
-    expect(result.style).toBe('');
-  });
-
-  test('encodes < in string', () => {
-    const input = { text: 'a < b' };
-    const result = guard.sanitizeObject(input);
-    expect(result.text).toBe('a &lt; b');
-  });
-
-  test('allows > in string without encoding', () => {
-    const input = { text: 'a > b' };
-    const result = guard.sanitizeObject(input);
-    expect(result.text).toBe('a > b'); // dompurify leaves this unchanged
-  });
-
-  test('allows & in string without encoding', () => {
-    const input = { text: 'Tom & Jerry' };
-    const result = guard.sanitizeObject(input);
-    expect(result.text).toBe('Tom & Jerry'); // & is preserved if not HTML
-  });
-
-  test('allows " in string without encoding', () => {
-    const input = { text: 'She said "hello"' };
-    const result = guard.sanitizeObject(input);
-    expect(result.text).toBe('She said "hello"'); // not encoded
-  });
-
-  test('allows \' in string without encoding', () => {
-    const input = { text: "It's fine" };
-    const result = guard.sanitizeObject(input);
-    expect(result.text).toBe("It's fine"); // not encoded
-  });
-
-  test('encodes only special HTML characters like < when needed', () => {
-    const input = { text: 'if (a < b && b > c) { console.log("yes"); }' };
-    const result = guard.sanitizeObject(input);
-    expect(result.text).toBe('if (a &lt; b &amp;&amp; b &gt; c) { console.log("yes"); }');
-  });
-
-  test('sanitizes special chars inside deeply nested object', () => {
-    const input = {
-      user: {
-        profile: {
-          bio: `I'm <strong>bold</strong> & smart`
-        }
-      }
-    };
-    const result = guard.sanitizeObject(input);
-    expect(result.user.profile.bio).toBe("I'm bold &amp; smart"); // <strong> removed
-  });
-
-  test('sanitizes array of special char strings', () => {
-    const input = {
-      messages: ['Hello & welcome', 'a < b', 'Use "quotes"', "It's fine"]
-    };
-    const result = guard.sanitizeObject(input);
-    expect(result.messages).toEqual([
-      'Hello & welcome',
-      'a &lt; b',
-      'Use "quotes"',
-      "It's fine"
-    ]);
-  });
-
-
-  // test('sanitizes XML Tags', () => {
-  //   const input = {
-  //     messages: [
-  //       '<xml xmlns="https://developers.google.com/blockly/xml"><block type="main_return" id="main-return-block" deletable="false" x="30" y="30"><value name="script"><block type="context_variable" id="[p{VL@_oCmCmgd,dZUh)"><field name="VARIABLENAME">Identifier</field></block></value></block></xml>', 
-  //       '&lt;xml xmlns=&quot;https://developers.google.com/blockly/xml&quot;&gt;&lt;block type=&quot;main_return&quot; id=&quot;main-return-block&quot; deletable=&quot;false&quot; x=&quot;30&quot; y=&quot;30&quot;&gt;&lt;value name=&quot;script&quot;&gt;&lt;block type=&quot;context_variable&quot; id=&quot;[p{VL@_oCmCmgd,dZUh)&quot;&gt;&lt;field name=&quot;VARIABLENAME&quot;&gt;Identifier&lt;/field&gt;&lt;/block&gt;&lt;/value&gt;&lt;/block&gt;&lt;/xml&gt;']
-  //   };
-  //   const result = guard.sanitizeObject(input);
-  //   expect(result.messages).toEqual([
-  //     'Identifier',
-  //     '&lt;xml xmlns=&quot;https://developers.google.com/blockly/xml&quot;&gt;&lt;block type=&quot;main_return&quot; id=&quot;main-return-block&quot; deletable=&quot;false&quot; x=&quot;30&quot; y=&quot;30&quot;&gt;&lt;value name=&quot;script&quot;&gt;&lt;block type=&quot;context_variable&quot; id=&quot;[p{VL@_oCmCmgd,dZUh)&quot;&gt;&lt;field name=&quot;VARIABLENAME&quot;&gt;Identifier&lt;/field&gt;&lt;/block&gt;&lt;/value&gt;&lt;/block&gt;&lt;/xml&gt;'
-  //   ]);
-  // });
-});