import docsifyInit from '../helpers/docsify-init.js';
import { test, expect } from './fixtures/docsify-init-fixture.js';

test.describe('Security - Cross Site Scripting (XSS)', () => {
  const sharedOptions = {
    markdown: {
      homepage: '# Hello World',
    },
    routes: {
      'test.md': '# Test Page',
    },
  };
  const slashStrings = ['//', '///'];

  for (const slashString of slashStrings) {
    const hash = `#${slashString}domain.com/file.md`;

    test(`should not load remote content from hash (${hash})`, async ({
      page,
    }) => {
      const mainElm = page.locator('#main');

      await docsifyInit(sharedOptions);
      await expect(mainElm).toContainText('Hello World');
      await page.evaluate(() => (location.hash = '#/test'));
      await expect(mainElm).toContainText('Test Page');
      await page.evaluate(newHash => {
        location.hash = newHash;
      }, hash);
      await expect(mainElm).toContainText('Hello World');
      expect(page.url()).toMatch(/#\/$/);
    });
  }
});