20 lines
975 B
JavaScript
20 lines
975 B
JavaScript
const assert = require('node:assert/strict');
|
|
const fs = require('node:fs');
|
|
const path = require('node:path');
|
|
const test = require('node:test');
|
|
|
|
const root = path.join(__dirname, '..');
|
|
|
|
test('admin HTML escape helper also escapes single quotes for attribute contexts', () => {
|
|
const source = fs.readFileSync(path.join(root, 'public', 'js', 'admin.js'), 'utf8');
|
|
assert.match(source, /function adminEscapeHtml\(str\)[\s\S]+replace\(\/\'\/g, '''\)/);
|
|
});
|
|
|
|
test('billing E/M suggestion fields are escaped before innerHTML insertion', () => {
|
|
const source = fs.readFileSync(path.join(root, 'public', 'js', 'app.js'), 'utf8');
|
|
assert.match(source, /Level ' \+ escHtml\(data\.emLevel\.level\)/);
|
|
assert.match(source, /MDM: ' \+ escHtml\(data\.emLevel\.complexity\)/);
|
|
assert.match(source, /escHtml\(data\.emLevel\.diagnosisCount\)/);
|
|
assert.match(source, /escHtml\(data\.emLevel\.rosCount\)/);
|
|
assert.match(source, /escHtml\(data\.emLevel\.peCount\)/);
|
|
});
|