const MarkdownIt = require('markdown-it');
const { expect } = require('chai');
const { JSDOM } = require('jsdom');
const MarkdownItKroki = require('../../index');

// Security regression tests for the Kroki markdown-it plugin: text taken from
// the Markdown source or from plugin options must not be able to break out of
// the HTML attribute it is rendered into.
// NOTE(review): "injecttion" in the suite titles is a typo for "injection"; it is
// left as-is here because the title is a runtime string that reporters and
// --grep filters may match.
describe('# [Security-test] anti-injecttion for syntax.', () => {
  describe("## for alt", () => {
    it('* escape double quote', () => {
      // The bracketed text on the fence line is expected to come back,
      // unchanged, as the alt text of the rendered <img>.
      const expected = 'this is a "test comment" test';
      const md = new MarkdownIt();
      md.use(MarkdownItKroki, {
        entrypoint: "https://kroki.io",
        marpAutoScaling: true,
        containerClass: "the-container"
      });
      const result = md.render(
        '```graphviz [this is a "test comment" test]\r\n' +
        'digraph G {Hello->World}\r\n' +
        '```\r\n'
      );
      // Parse the rendered HTML with a real DOM parser instead of matching the
      // string: if the quotes were written into a double-quoted attribute
      // without escaping, the parsed alt value would stop at the first inner
      // quote and the comparison below would fail.
      const dom = new JSDOM(result);
      // Only the first <img> in the output is inspected.
      const imgTag = dom.window.document.getElementsByTagName("img")[0];
      const actual = imgTag.getAttribute('alt');
      // NOTE(review): this covers the double quote only; single quotes, '<',
      // '>' and '&' in the alt text are not exercised by this case, and the
      // test does not assert that no extra attributes or elements appeared.
      expect(actual).to.be.equal(expected);
    })
  })
});

describe('# [Security-test] anti-injecttion for option.', () => {
  describe("## for entrypoint", () => {
    it('* deny invalid URL', () => {
      const md = new MarkdownIt();
      // The entrypoint option is given a URL with a double quote and '>'
      // appended; per the test title, such a value is expected to be denied.
      md.use(MarkdownItKroki, {
        entrypoint: "https://kroki.io\">