larvit/plainpages
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Consolidate tests (todo §2); merge HTTP static tests, fold 403 render into the live gated route, unify resolveViewPath cases

Browse Source
This commit is contained in:
Lilleman auf Larv
2026-06-16 16:42:46 +02:00
parent 9489bd124b
commit a602f794d1
3 changed files with 15 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/view-resolver.test.ts
View File

@@ -8,16 +8,13 @@ import { renderPluginView, resolveViewPath } from "./view-resolver.ts";
const coreViewsDir = join(dirname(fileURLToPath(import.meta.url)), "..", "views");
test("resolveViewPath resolves names + nested subfolders within the plugin's views dir", () => {
test("resolveViewPath resolves names/nested subfolders within the views dir, rejects traversal + control chars", () => {
const dir = "/srv/plugins";
assert.equal(resolveViewPath(dir, "demo", "page"), "/srv/plugins/demo/views/page.ejs");
assert.equal(resolveViewPath(dir, "demo", "shifts/edit"), "/srv/plugins/demo/views/shifts/edit.ejs");
assert.equal(resolveViewPath(dir, "demo", "page.ejs"), "/srv/plugins/demo/views/page.ejs"); // extension not doubled
});
test("resolveViewPath rejects traversal and control chars", () => {
assert.equal(resolveViewPath("/srv/plugins", "demo", "../../secret"), null);
assert.equal(resolveViewPath("/srv/plugins", "demo", "a\x00b"), null);
assert.equal(resolveViewPath(dir, "demo", "../../secret"), null); // traversal escapes the dir
assert.equal(resolveViewPath(dir, "demo", "a\x00b"), null); // control char
});
test("renderPluginView: a (nested) view includes a core building-block partial and its own partial", async (t: TestContext) => {