import { afterAll, describe, expect, test } from "bun:test";
import { config } from "~/config.ts";
import { generateClient, getTestUsers } from "~/tests/utils";
const { users, deleteUsers } = await getTestUsers(1);
afterAll(async () => {
await deleteUsers();
});
// /api/v1/accounts/update_credentials
describe("/api/v1/accounts/update_credentials", () => {
describe("HTML injection testing", () => {
test("should not allow HTML injection", async () => {
await using client = await generateClient(users[0]);
const { ok, data } = await client.updateCredentials({
note: "Hi! ",
});
expect(ok).toBe(true);
expect(data.note).toBe(
"Hi! <script>alert('Hello, world!');</script>
\n",
);
});
test("should rewrite all image and video src to go through proxy", async () => {
await using client = await generateClient(users[0]);
const { ok, data } = await client.updateCredentials({
note: "