marcel/familienarchiv
1
0
Fork 0
Code Issues 108 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
bcf95e43999c22d2994d00991ec04a9abf356b73
familienarchiv/frontend/src/lib/timeline/timeline-no-raw-html.spec.ts
Marcel bf73d8de55
Some checks failed
CI / Unit & Component Tests (pull_request) Failing after 42s
Details
CI / OCR Service Tests (pull_request) Successful in 25s
Details
CI / Backend Unit Tests (pull_request) Successful in 6m14s
Details
CI / fail2ban Regex (pull_request) Successful in 48s
Details
CI / Semgrep Security Scan (pull_request) Successful in 27s
Details
CI / Compose Bucket Idempotency (pull_request) Successful in 1m8s
Details
SDD Gate / RTM Check (pull_request) Successful in 15s
Details
SDD Gate / Contract Validate (pull_request) Successful in 27s
Details
SDD Gate / Constitution Impact (pull_request) Successful in 19s
Details
test(timeline): add the {@html} grep gate; docs(rtm): trace #850 REQ-001..013 
The grep gate fails if any lib/timeline component reaches for the raw-HTML
directive (CWE-79, REQ-010). The RTM gains thirteen rows tracing every #850
requirement to its implementation file(s) and test(s), Status Done.

Refs #850
2026-06-15 20:49:28 +02:00

25 lines
1.1 KiB
TypeScript
Raw Blame History

import { describe, it, expect } from 'vitest';
import { readdirSync, readFileSync } from 'node:fs';
import { fileURLToPath } from 'node:url';
import { dirname, join } from 'node:path';
const timelineDir = dirname(fileURLToPath(import.meta.url));
/**
* REQ-010 / CWE-79: inline event clustering renders curator event titles and import-derived
* letter titles + sender/receiver text through every component under lib/timeline (the reused
* LetterCard, the new EventCluster card, the existing pills/bands/strip). That text must always
* render through Svelte's default `{...}` escaping — never `{@html}`. This grep gate fails loudly
* the moment any timeline component reaches for the raw-HTML directive.
*/
describe('lib/timeline never uses {@html} (REQ-010)', () => {
it('no timeline component contains the raw-HTML directive', () => {
const components = readdirSync(timelineDir).filter((file) => file.endsWith('.svelte'));
expect(components.length).toBeGreaterThan(0);
const offenders = components.filter((file) =>
readFileSync(join(timelineDir, file), 'utf8').includes('{@html')
);
expect(offenders).toEqual([]);
});
});
Reference in New Issue View Git Blame Copy Permalink