Summary of What Needs to be Done: Add unit tests for the pure HTML sanitization and validation utilities exported from src/lib/sanitize.ts: the stripHtml() and validateTextInput() functions.
Changes that Need to be Made: Create test/sanitize.test.ts using vitest.

Test stripHtml():
- plain text (no change)
- text with HTML tags (tags stripped)
- text with HTML entities (lt, gt, amp, quot, #x27, #39 decoded)
- text with mixed tags and entities
- empty string

Test validateTextInput():
- non-string type returns error
- empty string returns error
- string over maxLen returns error with correct message
- valid string returns ok=true with stripped value
- string with HTML injection (script tags) returns stripped value and ok=true

Impact that it would Provide: Provides test coverage for input sanitization used across form validation. Guards against HTML injection vulnerabilities by ensuring stripHtml() is called correctly. Documents expected validation behavior.
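
A self-contained sketch of the cases listed above, added here as an example and not taken from the project: stripHtml() and validateTextInput() are stand-ins whose strip-then-decode order, error messages and maxLen handling are assumptions, since src/lib/sanitize.ts is not shown. It goes slightly beyond the issue's list by adding a double-decode case and an entity-encoded tag case.

```typescript
// Stand-in for src/lib/sanitize.ts: assumed behaviour, not the project's code.
interface Result { ok: boolean; value?: string; error?: string }

const ENTITIES: Record<string, string> = {
  "&lt;": "<", "&gt;": ">", "&amp;": "&", "&quot;": '"', "&#x27;": "'", "&#39;": "'",
};

function stripHtml(input: string): string {
  // Assumed order: drop tags first, then decode the six entities in one pass,
  // so "&amp;lt;" becomes "&lt;" and is not decoded a second time.
  return input
    .replace(/<[^>]*>/g, "")
    .replace(/&(?:lt|gt|amp|quot|#x27|#39);/g, (m) => ENTITIES[m] ?? m);
}

function validateTextInput(value: unknown, maxLen: number): Result {
  // Error messages below are constructed; the real ones live in the project.
  if (typeof value !== "string") return { ok: false, error: "must be a string" };
  const stripped = stripHtml(value);
  if (stripped.length === 0) return { ok: false, error: "must not be empty" };
  if (stripped.length > maxLen) {
    return { ok: false, error: `must be at most ${maxLen} characters` };
  }
  return { ok: true, value: stripped };
}

// Constructed inputs: one per stripHtml() case in the issue, plus two edge cases.
const STRIP_CASES: Array<[string, string, string]> = [
  ["plain text", "hello world", "hello world"],
  ["tags stripped", "<b>bold</b> text", "bold text"],
  ["entities decoded", "&lt;&gt;&amp;&quot;&#x27;&#39;", "<>&\"''"],
  ["mixed tags and entities", "<p>Tom &amp; Jerry</p>", "Tom & Jerry"],
  ["empty string", "", ""],
  ["no double decode", "&amp;lt;", "&lt;"],
  ["encoded tag survives as text", "&lt;b&gt;x&lt;/b&gt;", "<b>x</b>"],
];

// Returns the names of failing cases; an empty array means every case passed.
function failedStripCases(): string[] {
  return STRIP_CASES
    .filter(([, input, want]) => stripHtml(input) !== want)
    .map(([name]) => name);
}
```

The last case returns a string containing `<b>`, so a value that passes validateTextInput() with ok=true is still text that must be escaped when it is rendered. In the real test file the same table maps directly onto vitest's `it.each`.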