pediatric-ai-scribe-v3/test/frontend-rendering-safety.test.js

20 lines
975 B
JavaScript

const assert = require('node:assert/strict');
const fs = require('node:fs');
const path = require('node:path');
const test = require('node:test');
const root = path.join(__dirname, '..');
test('admin HTML escape helper also escapes single quotes for attribute contexts', () => {
const source = fs.readFileSync(path.join(root, 'public', 'js', 'admin.js'), 'utf8');
assert.match(source, /function adminEscapeHtml\(str\)[\s\S]+replace\(\/\'\/g, '''\)/);
});
test('billing E/M suggestion fields are escaped before innerHTML insertion', () => {
const source = fs.readFileSync(path.join(root, 'public', 'js', 'app.js'), 'utf8');
assert.match(source, /Level ' \+ escHtml\(data\.emLevel\.level\)/);
assert.match(source, /MDM: ' \+ escHtml\(data\.emLevel\.complexity\)/);
assert.match(source, /escHtml\(data\.emLevel\.diagnosisCount\)/);
assert.match(source, /escHtml\(data\.emLevel\.rosCount\)/);
assert.match(source, /escHtml\(data\.emLevel\.peCount\)/);
});