From 6633e23aa30873cc1fb6da356e87cfa6f2395447 Mon Sep 17 00:00:00 2001
From: Calvin Montgomery
Date: Sat, 17 Jun 2017 09:39:58 -0700
Subject: [PATCH] Add characterization test for sanitize-html

At various times in the past, upgrades in the sanitize-html library that changed behavior of HTML filtering have caused things like emotes to break unexpectedly. This commit adds a basic test to sanitize non-alphanumeric characters found in channels' emote codes so that if the library changes, the test will break and give a heads up that something changed.
---
 package.json | 2 +-
 test/xss.js | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 test/xss.js

diff --git a/package.json b/package.json
index 658a65d8..e0bf0113 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
 "author": "Calvin Montgomery",
 "name": "CyTube",
 "description": "Online media synchronizer and chat",
- "version": "3.38.1",
+ "version": "3.38.2",
 "repository": {
 "url": "http://github.com/calzoneman/sync"
 },
diff --git a/test/xss.js b/test/xss.js
new file mode 100644
index 00000000..3fc20970
--- /dev/null
+++ b/test/xss.js
@@ -0,0 +1,12 @@
+const assert = require('assert');
+const XSS = require('../lib/xss');
+
+describe('XSS', () => {
+ describe('sanitizeHTML', () => {
+ it('behaves consistently w.r.t. special chars used in emotes', () => {
+ const input = '`^~=| _-,;:!?/."()[]{}@$*\\&#%+á\t';
+ const expected = '`^~=| _-,;:!?/."()[]{}@$*\\\\&#%+á\t';
+ assert.strictEqual(XSS.sanitizeHTML(input), expected);
+ });
+ });
+});
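Review bot: The `input` string in the new `it(...)` case in test/xss.js contains no `<`, `>` or `'`, so the characters whose handling matters most for HTML filtering are not pinned, and a sanitize-html upgrade that changed or weakened their escaping would still pass this test. Consider a second case under `describe('sanitizeHTML')` that records the current output for those characters and for one disallowed tag, with the expected values captured from the library version in use rather than guessed. As shown here, `expected` differs from `input` only by the doubled backslash, and because everything goes through one `assert.strictEqual`, a failure will not say which character changed. A comment above `expected`, such as `// characterization only: pins current output for emote characters; the backslash is the one expected difference`, would make the intent and the diff easier to read.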