Spaces:
Running
Running
| import { describe, expect, it } from 'vitest'; | |
| import { prepareHtmlArtifact } from './agent-tools'; | |
| describe('prepareHtmlArtifact', () => { | |
| it('injects a deny-by-default CSP while preserving source for the code view', () => { | |
| const source = '<html><head><title>x</title></head><body><script>document.body.dataset.ok="1"</script></body></html>'; | |
| const artifact = prepareHtmlArtifact(source, 'Demo', 'artifact-1'); | |
| expect(artifact.source).toBe(source); | |
| expect(artifact.sandboxedSource).toMatch(/^<!doctype html><html><head><meta http-equiv="Content-Security-Policy"/); | |
| expect(artifact.sandboxedSource.indexOf('Content-Security-Policy')).toBeLessThan(artifact.sandboxedSource.indexOf(source)); | |
| expect(artifact.sandboxedSource).toContain("default-src 'none'"); | |
| expect(artifact.sandboxedSource).toContain("connect-src 'none'"); | |
| expect(artifact.sandboxedSource).toContain("script-src 'none'"); | |
| expect(artifact.sandboxedSource).not.toContain("script-src 'unsafe-inline'"); | |
| expect(artifact.title).toBe('Demo'); | |
| }); | |
| it('rejects artifacts larger than the client-side safety bound', () => { | |
| expect(() => prepareHtmlArtifact('x'.repeat(256 * 1024 + 1), 'large', 'artifact-2')).toThrow( | |
| 'exceeds 256 KiB', | |
| ); | |
| }); | |
| }); | |