@tuturuuu/utils 0.0.3 → 0.6.1

package/src/__tests__/format.test.ts

@@ -0,0 +1,317 @@
+import { describe, expect, it } from 'vitest';
+import {
+  capitalize,
+  formatBytes,
+  formatCurrency,
+  formatDuration,
+  getCurrencyLocale,
+  isValidBlobUrl,
+  isValidHttpUrl,
+} from '../format';
+
+describe('Format Utilities', () => {
+  describe('capitalize', () => {
+    it('capitalizes first letter of a word', () => {
+      expect(capitalize('hello')).toBe('Hello');
+    });
+
+    it('handles single character strings', () => {
+      expect(capitalize('a')).toBe('A');
+    });
+
+    it('handles empty string', () => {
+      expect(capitalize('')).toBe('');
+    });
+
+    it('handles null input', () => {
+      expect(capitalize(null)).toBe('');
+    });
+
+    it('handles undefined input', () => {
+      expect(capitalize(undefined)).toBe('');
+    });
+
+    it('does not change already capitalized strings', () => {
+      expect(capitalize('Hello')).toBe('Hello');
+    });
+
+    it('preserves rest of the string', () => {
+      expect(capitalize('hELLO')).toBe('HELLO');
+    });
+
+    it('handles strings with spaces', () => {
+      expect(capitalize('hello world')).toBe('Hello world');
+    });
+
+    it('handles numbers at the start', () => {
+      expect(capitalize('123abc')).toBe('123abc');
+    });
+  });
+
+  describe('formatBytes', () => {
+    it('formats 0 bytes', () => {
+      expect(formatBytes(0)).toBe('0 Byte');
+    });
+
+    it('formats bytes', () => {
+      expect(formatBytes(500)).toBe('500 Bytes');
+    });
+
+    it('formats kilobytes', () => {
+      expect(formatBytes(1024)).toBe('1 KB');
+    });
+
+    it('formats megabytes', () => {
+      expect(formatBytes(1024 * 1024)).toBe('1 MB');
+    });
+
+    it('formats gigabytes', () => {
+      expect(formatBytes(1024 * 1024 * 1024)).toBe('1 GB');
+    });
+
+    it('formats terabytes', () => {
+      expect(formatBytes(1024 * 1024 * 1024 * 1024)).toBe('1 TB');
+    });
+
+    it('respects decimal places option', () => {
+      expect(formatBytes(1536, { decimals: 2 })).toBe('1.50 KB');
+    });
+
+    it('uses accurate sizes when specified', () => {
+      expect(formatBytes(1024, { sizeType: 'accurate' })).toBe('1 KiB');
+    });
+
+    it('uses accurate sizes for MiB', () => {
+      expect(formatBytes(1024 * 1024, { sizeType: 'accurate' })).toBe('1 MiB');
+    });
+
+    it('handles large numbers', () => {
+      expect(formatBytes(5 * 1024 * 1024 * 1024, { decimals: 1 })).toBe(
+        '5.0 GB'
+      );
+    });
+  });
+
+  describe('formatDuration', () => {
+    it('formats seconds only', () => {
+      expect(formatDuration(30)).toBe('30 seconds');
+    });
+
+    it('formats 1 second singular', () => {
+      expect(formatDuration(1)).toBe('1 seconds');
+    });
+
+    it('formats minutes only', () => {
+      expect(formatDuration(120)).toBe('2 minutes');
+    });
+
+    it('formats 1 minute singular', () => {
+      expect(formatDuration(60)).toBe('1 minute');
+    });
+
+    it('formats minutes and seconds', () => {
+      expect(formatDuration(90)).toBe('1 minute 30 seconds');
+    });
+
+    it('formats hours only', () => {
+      expect(formatDuration(3600)).toBe('1 hour');
+    });
+
+    it('formats multiple hours', () => {
+      expect(formatDuration(7200)).toBe('2 hours');
+    });
+
+    it('formats hours and minutes', () => {
+      expect(formatDuration(3720)).toBe('1 hour 2 minutes');
+    });
+
+    it('does not show seconds when hours are present', () => {
+      expect(formatDuration(3661)).toBe('1 hour 1 minute');
+    });
+
+    it('formats complex duration', () => {
+      expect(formatDuration(7320)).toBe('2 hours 2 minutes');
+    });
+
+    it('handles 59 seconds', () => {
+      expect(formatDuration(59)).toBe('59 seconds');
+    });
+
+    it('handles exactly 60 seconds', () => {
+      expect(formatDuration(60)).toBe('1 minute');
+    });
+  });
+
+  describe('isValidBlobUrl', () => {
+    it('returns true for valid blob URL', () => {
+      expect(isValidBlobUrl('blob:http://localhost:3000/abc123')).toBe(true);
+    });
+
+    it('returns true for blob URL with uppercase', () => {
+      expect(isValidBlobUrl('BLOB:http://localhost:3000/abc123')).toBe(true);
+    });
+
+    it('returns true for blob URL with leading whitespace', () => {
+      expect(isValidBlobUrl('  blob:http://localhost:3000/abc123')).toBe(true);
+    });
+
+    it('returns false for http URL', () => {
+      expect(isValidBlobUrl('http://example.com')).toBe(false);
+    });
+
+    it('returns false for https URL', () => {
+      expect(isValidBlobUrl('https://example.com')).toBe(false);
+    });
+
+    it('returns false for null', () => {
+      expect(isValidBlobUrl(null)).toBe(false);
+    });
+
+    it('returns false for undefined', () => {
+      expect(isValidBlobUrl(undefined)).toBe(false);
+    });
+
+    it('returns false for empty string', () => {
+      expect(isValidBlobUrl('')).toBe(false);
+    });
+
+    it('returns false for data URL', () => {
+      expect(isValidBlobUrl('data:image/png;base64,abc')).toBe(false);
+    });
+  });
+
+  describe('isValidHttpUrl', () => {
+    it('returns true for http URL', () => {
+      expect(isValidHttpUrl('http://example.com')).toBe(true);
+    });
+
+    it('returns true for https URL', () => {
+      expect(isValidHttpUrl('https://example.com')).toBe(true);
+    });
+
+    it('returns true for URL with path', () => {
+      expect(isValidHttpUrl('https://example.com/path/to/resource')).toBe(true);
+    });
+
+    it('returns true for URL with query string', () => {
+      expect(isValidHttpUrl('https://example.com?foo=bar')).toBe(true);
+    });
+
+    it('returns true for URL with port', () => {
+      expect(isValidHttpUrl('http://localhost:3000')).toBe(true);
+    });
+
+    it('returns false for ftp URL', () => {
+      expect(isValidHttpUrl('ftp://example.com')).toBe(false);
+    });
+
+    it('returns false for file URL', () => {
+      expect(isValidHttpUrl('file:///path/to/file')).toBe(false);
+    });
+
+    it('returns false for blob URL', () => {
+      expect(isValidHttpUrl('blob:http://localhost:3000/abc')).toBe(false);
+    });
+
+    it('returns false for null', () => {
+      expect(isValidHttpUrl(null)).toBe(false);
+    });
+
+    it('returns false for undefined', () => {
+      expect(isValidHttpUrl(undefined)).toBe(false);
+    });
+
+    it('returns false for empty string', () => {
+      expect(isValidHttpUrl('')).toBe(false);
+    });
+
+    it('returns false for invalid URL', () => {
+      expect(isValidHttpUrl('not-a-url')).toBe(false);
+    });
+
+    it('returns false for javascript protocol', () => {
+      expect(isValidHttpUrl('javascript:alert(1)')).toBe(false);
+    });
+
+    it('handles URL with whitespace', () => {
+      expect(isValidHttpUrl('  https://example.com  ')).toBe(true);
+    });
+  });
+
+  describe('getCurrencyLocale', () => {
+    it('returns vi-VN for VND', () => {
+      expect(getCurrencyLocale('VND')).toBe('vi-VN');
+    });
+
+    it('returns en-US for USD', () => {
+      expect(getCurrencyLocale('USD')).toBe('en-US');
+    });
+
+    it('returns en-PH for PHP', () => {
+      expect(getCurrencyLocale('PHP')).toBe('en-PH');
+    });
+
+    it('defaults to en-US for unknown currency', () => {
+      expect(getCurrencyLocale('UNKNOWN')).toBe('en-US');
+    });
+
+    it('is case insensitive', () => {
+      expect(getCurrencyLocale('php')).toBe('en-PH');
+    });
+  });
+
+  describe('formatCurrency', () => {
+    it('formats VND currency by default', () => {
+      const result = formatCurrency(1000000);
+      expect(result).toContain('1.000.000');
+      expect(result).toContain('₫');
+    });
+
+    it('formats negative amounts with sign', () => {
+      const result = formatCurrency(-50000);
+      expect(result).toContain('-');
+      expect(result).toContain('50.000');
+    });
+
+    it('formats positive amounts without sign by default', () => {
+      const result = formatCurrency(50000);
+      expect(result).not.toContain('+');
+    });
+
+    it('formats positive amounts with sign when specified', () => {
+      const result = formatCurrency(50000, 'VND', 'vi-VN', {
+        signDisplay: 'always',
+      });
+      expect(result).toContain('+');
+    });
+
+    it('formats USD currency', () => {
+      const result = formatCurrency(1000, 'USD');
+      expect(result).toContain('$');
+      expect(result).toContain('1,000');
+    });
+
+    it('formats EUR currency', () => {
+      const result = formatCurrency(1000, 'EUR');
+      expect(result).toContain('€');
+    });
+
+    it('formats PHP currency', () => {
+      const result = formatCurrency(1000, 'PHP');
+      expect(result).toContain('₱');
+    });
+
+    it('respects custom options', () => {
+      const result = formatCurrency(1000.5, 'USD', 'en-US', {
+        minimumFractionDigits: 2,
+        maximumFractionDigits: 2,
+      });
+      expect(result).toContain('1,000.50');
+    });
+
+    it('handles zero amount', () => {
+      const result = formatCurrency(0);
+      expect(result).toContain('0');
+    });
+  });
+});

package/src/__tests__/html-sanitizer.test.ts

@@ -0,0 +1,360 @@
+/**
+ * @vitest-environment jsdom
+ */
+import { describe, expect, it } from 'vitest';
+import { containsHtml, sanitizeHtml, textToHtml } from '../html-sanitizer';
+
+describe('sanitizeHtml', () => {
+  describe('basic functionality', () => {
+    it('should return empty string for empty input', () => {
+      expect(sanitizeHtml('')).toBe('');
+    });
+
+    it('should return empty string for null/undefined-like input', () => {
+      expect(sanitizeHtml(null as unknown as string)).toBe('');
+      expect(sanitizeHtml(undefined as unknown as string)).toBe('');
+    });
+
+    it('should preserve plain text', () => {
+      expect(sanitizeHtml('Hello World')).toBe('Hello World');
+    });
+
+    it('should preserve text with special characters', () => {
+      expect(sanitizeHtml('Hello & World < Test > Quote "test"')).toBe(
+        'Hello &amp; World &lt; Test &gt; Quote "test"'
+      );
+    });
+  });
+
+  describe('allowed tags', () => {
+    it('should allow <p> tags', () => {
+      expect(sanitizeHtml('<p>Paragraph</p>')).toBe('<p>Paragraph</p>');
+    });
+
+    it('should allow <br> tags', () => {
+      expect(sanitizeHtml('Line 1<br>Line 2')).toBe('Line 1<br>Line 2');
+    });
+
+    it('should allow <strong> and <b> tags', () => {
+      expect(sanitizeHtml('<strong>Bold</strong>')).toBe(
+        '<strong>Bold</strong>'
+      );
+      expect(sanitizeHtml('<b>Bold</b>')).toBe('<b>Bold</b>');
+    });
+
+    it('should allow <em> and <i> tags', () => {
+      expect(sanitizeHtml('<em>Italic</em>')).toBe('<em>Italic</em>');
+      expect(sanitizeHtml('<i>Italic</i>')).toBe('<i>Italic</i>');
+    });
+
+    it('should allow <u> tags', () => {
+      expect(sanitizeHtml('<u>Underline</u>')).toBe('<u>Underline</u>');
+    });
+
+    it('should allow list tags', () => {
+      expect(sanitizeHtml('<ul><li>Item 1</li><li>Item 2</li></ul>')).toBe(
+        '<ul><li>Item 1</li><li>Item 2</li></ul>'
+      );
+      expect(sanitizeHtml('<ol><li>Item 1</li><li>Item 2</li></ol>')).toBe(
+        '<ol><li>Item 1</li><li>Item 2</li></ol>'
+      );
+    });
+
+    it('should allow <span> tags with class attribute', () => {
+      expect(sanitizeHtml('<span class="highlight">Text</span>')).toBe(
+        '<span class="highlight">Text</span>'
+      );
+    });
+
+    it('should allow <div> tags with class attribute', () => {
+      expect(sanitizeHtml('<div class="container">Content</div>')).toBe(
+        '<div class="container">Content</div>'
+      );
+    });
+
+    it('should allow nested allowed tags', () => {
+      const input = '<p><strong>Bold <em>and italic</em></strong></p>';
+      expect(sanitizeHtml(input)).toBe(
+        '<p><strong>Bold <em>and italic</em></strong></p>'
+      );
+    });
+  });
+
+  describe('link sanitization', () => {
+    it('should allow <a> tags with safe href', () => {
+      const result = sanitizeHtml('<a href="https://example.com">Link</a>');
+      expect(result).toContain('href="https://example.com"');
+      expect(result).toContain('rel="noopener noreferrer"');
+      expect(result).toContain('target="_blank"');
+    });
+
+    it('should allow http links', () => {
+      const result = sanitizeHtml('<a href="http://example.com">Link</a>');
+      expect(result).toContain('href="http://example.com"');
+    });
+
+    it('should allow mailto links', () => {
+      const result = sanitizeHtml(
+        '<a href="mailto:test@example.com">Email</a>'
+      );
+      expect(result).toContain('href="mailto:test@example.com"');
+    });
+
+    it('should allow relative URLs', () => {
+      expect(sanitizeHtml('<a href="/page">Link</a>')).toContain(
+        'href="/page"'
+      );
+      expect(sanitizeHtml('<a href="./page">Link</a>')).toContain(
+        'href="./page"'
+      );
+      expect(sanitizeHtml('<a href="../page">Link</a>')).toContain(
+        'href="../page"'
+      );
+    });
+
+    it('should preserve title attribute on links', () => {
+      const result = sanitizeHtml(
+        '<a href="https://example.com" title="Example">Link</a>'
+      );
+      expect(result).toContain('title="Example"');
+    });
+  });
+
+  describe('XSS prevention', () => {
+    it('should remove javascript: URLs', () => {
+      const result = sanitizeHtml('<a href="javascript:alert(1)">Click</a>');
+      expect(result).not.toContain('javascript:');
+      expect(result).not.toContain('href');
+    });
+
+    it('should remove data: URLs', () => {
+      const result = sanitizeHtml(
+        '<a href="data:text/html,<script>alert(1)</script>">Click</a>'
+      );
+      expect(result).not.toContain('data:');
+    });
+
+    it('should remove vbscript: URLs', () => {
+      const result = sanitizeHtml('<a href="vbscript:msgbox(1)">Click</a>');
+      expect(result).not.toContain('vbscript:');
+    });
+
+    it('should remove <script> tags', () => {
+      const result = sanitizeHtml('<script>alert("xss")</script>');
+      expect(result).not.toContain('<script>');
+      expect(result).not.toContain('</script>');
+    });
+
+    it('should remove <script> tags and preserve text content', () => {
+      const result = sanitizeHtml(
+        '<p>Before</p><script>alert(1)</script><p>After</p>'
+      );
+      expect(result).toContain('Before');
+      expect(result).toContain('After');
+      expect(result).not.toContain('<script>');
+    });
+
+    it('should remove event handler attributes', () => {
+      // onclick is not in allowed attributes, so it should be removed
+      const result = sanitizeHtml('<div onclick="alert(1)">Click me</div>');
+      expect(result).not.toContain('onclick');
+    });
+
+    it('should remove onerror handlers', () => {
+      const result = sanitizeHtml('<img src="x" onerror="alert(1)">');
+      expect(result).not.toContain('onerror');
+    });
+
+    it('should remove <iframe> tags', () => {
+      const result = sanitizeHtml('<iframe src="https://evil.com"></iframe>');
+      expect(result).not.toContain('<iframe');
+    });
+
+    it('should remove <object> tags', () => {
+      const result = sanitizeHtml('<object data="evil.swf"></object>');
+      expect(result).not.toContain('<object');
+    });
+
+    it('should remove <embed> tags', () => {
+      const result = sanitizeHtml('<embed src="evil.swf">');
+      expect(result).not.toContain('<embed');
+    });
+
+    it('should remove <form> tags', () => {
+      const result = sanitizeHtml(
+        '<form action="https://evil.com"><input></form>'
+      );
+      expect(result).not.toContain('<form');
+    });
+
+    it('should remove <style> tags', () => {
+      const result = sanitizeHtml(
+        '<style>body { background: red; }</style><p>Text</p>'
+      );
+      expect(result).not.toContain('<style>');
+      expect(result).toContain('<p>Text</p>');
+    });
+
+    it('should handle case-insensitive dangerous tags', () => {
+      const result = sanitizeHtml('<SCRIPT>alert(1)</SCRIPT>');
+      expect(result).not.toContain('<SCRIPT>');
+      expect(result).not.toContain('<script>');
+    });
+
+    it('should handle mixed case javascript URLs', () => {
+      const result = sanitizeHtml('<a href="JaVaScRiPt:alert(1)">Click</a>');
+      expect(result).not.toContain('javascript');
+      expect(result).not.toContain('JaVaScRiPt');
+    });
+  });
+
+  describe('disallowed tags', () => {
+    it('should remove <img> tags but keep alt text', () => {
+      const result = sanitizeHtml('<img src="image.jpg" alt="Description">');
+      expect(result).not.toContain('<img');
+    });
+
+    it('should remove <video> tags', () => {
+      const result = sanitizeHtml(
+        '<video src="video.mp4">Video content</video>'
+      );
+      expect(result).not.toContain('<video');
+      expect(result).toContain('Video content');
+    });
+
+    it('should remove <audio> tags', () => {
+      const result = sanitizeHtml(
+        '<audio src="audio.mp3">Audio content</audio>'
+      );
+      expect(result).not.toContain('<audio');
+    });
+
+    it('should remove <table> tags but keep content', () => {
+      const result = sanitizeHtml('<table><tr><td>Cell</td></tr></table>');
+      expect(result).not.toContain('<table');
+      expect(result).toContain('Cell');
+    });
+  });
+
+  describe('attribute filtering', () => {
+    it('should remove style attributes', () => {
+      const result = sanitizeHtml(
+        '<p style="color: red; background: url(evil.com)">Text</p>'
+      );
+      expect(result).not.toContain('style=');
+    });
+
+    it('should remove id attributes', () => {
+      const result = sanitizeHtml('<p id="test">Text</p>');
+      expect(result).not.toContain('id=');
+    });
+
+    it('should only allow class on span and div', () => {
+      const result1 = sanitizeHtml('<span class="test">Text</span>');
+      expect(result1).toContain('class="test"');
+
+      const result2 = sanitizeHtml('<p class="test">Text</p>');
+      expect(result2).not.toContain('class=');
+    });
+  });
+
+  describe('complex scenarios', () => {
+    it('should handle deeply nested content', () => {
+      const input =
+        '<div><p><strong><em><u>Deeply nested</u></em></strong></p></div>';
+      const result = sanitizeHtml(input);
+      expect(result).toContain('Deeply nested');
+      expect(result).toContain('<strong>');
+      expect(result).toContain('<em>');
+      expect(result).toContain('<u>');
+    });
+
+    it('should handle mixed allowed and disallowed content', () => {
+      const input =
+        '<p>Safe</p><script>evil()</script><strong>Also safe</strong>';
+      const result = sanitizeHtml(input);
+      expect(result).toContain('<p>Safe</p>');
+      expect(result).toContain('<strong>Also safe</strong>');
+      expect(result).not.toContain('<script>');
+    });
+
+    it('should handle malformed HTML gracefully', () => {
+      const input = '<p>Unclosed paragraph<strong>Bold without close';
+      const result = sanitizeHtml(input);
+      expect(result).toContain('Unclosed paragraph');
+      expect(result).toContain('Bold without close');
+    });
+  });
+});
+
+describe('textToHtml', () => {
+  it('should convert newlines to <br> tags', () => {
+    expect(textToHtml('Line 1\nLine 2')).toBe('Line 1<br>Line 2');
+  });
+
+  it('should convert multiple newlines', () => {
+    expect(textToHtml('Line 1\nLine 2\nLine 3')).toBe(
+      'Line 1<br>Line 2<br>Line 3'
+    );
+  });
+
+  it('should handle empty string', () => {
+    expect(textToHtml('')).toBe('');
+  });
+
+  it('should handle string without newlines', () => {
+    expect(textToHtml('No newlines here')).toBe('No newlines here');
+  });
+
+  it('should handle consecutive newlines', () => {
+    expect(textToHtml('Line 1\n\nLine 3')).toBe('Line 1<br><br>Line 3');
+  });
+
+  it('should handle Windows-style line endings (CRLF)', () => {
+    // Note: This function only handles \n, not \r\n
+    expect(textToHtml('Line 1\r\nLine 2')).toBe('Line 1\r<br>Line 2');
+  });
+});
+
+describe('containsHtml', () => {
+  it('should return true for strings with HTML tags', () => {
+    expect(containsHtml('<p>Text</p>')).toBe(true);
+    expect(containsHtml('<br>')).toBe(true);
+    expect(containsHtml('<div class="test">Content</div>')).toBe(true);
+  });
+
+  it('should return true for self-closing tags', () => {
+    expect(containsHtml('<br/>')).toBe(true);
+    expect(containsHtml('<img src="test.jpg"/>')).toBe(true);
+  });
+
+  it('should return false for plain text', () => {
+    expect(containsHtml('Plain text')).toBe(false);
+    expect(containsHtml('Hello World')).toBe(false);
+  });
+
+  it('should return false for empty string', () => {
+    expect(containsHtml('')).toBe(false);
+  });
+
+  it('should return true for angle brackets that form tags', () => {
+    // Note: The simple regex /<[^>]+>/g matches anything that looks like a tag
+    // This includes "5 < 10 and 20 >" because "< 10 and 20 >" matches the pattern
+    expect(containsHtml('5 < 10 and 20 > 15')).toBe(true); // Regex sees this as a tag
+    expect(containsHtml('Use <tag> for markup')).toBe(true);
+  });
+
+  it('should handle incomplete angle brackets', () => {
+    // The simple regex matches anything between < and >
+    expect(containsHtml('Less than < greater than >')).toBe(true); // Matches "< greater than >"
+    expect(containsHtml('Arrow -> direction')).toBe(false); // No < before >
+  });
+
+  it('should return true for script tags', () => {
+    expect(containsHtml('<script>alert(1)</script>')).toBe(true);
+  });
+
+  it('should return true for tags with attributes', () => {
+    expect(containsHtml('<a href="https://example.com">Link</a>')).toBe(true);
+  });
+});