diff --git a/src/scripts/components/input.js b/src/scripts/components/input.js
index 096f3e9..cf21756 100644
--- a/src/scripts/components/input.js
+++ b/src/scripts/components/input.js
@@ -1,4 +1,4 @@
-import { calcWidthOfInput } from '../lib/utils';
+import { calcWidthOfInput, stripHTML } from '../lib/utils';
 export default class Input {
 constructor({ element, type, classNames, placeholderValue }) {
@@ -25,7 +25,7 @@ export default class Input {
 }
 get value() {
- return this.element.value;
+ return stripHTML(this.element.value);
 }
 addEventListeners() {
@@ -119,23 +119,11 @@ export default class Input {
 this.element.removeAttribute('aria-activedescendant');
 }
- /**
- * Input event
- * @return
- * @private
- */
 _onInput() {
 if (this.type !== 'select-one') {
 this.setWidth();
 }
 }
-
- /**
- * Paste event
- * @param {Object} e Event
- * @return
- * @private
- */
 _onPaste(e) {
 // Disable pasting into the input if option has been set
 if (e.target === this.element && this.preventPaste) {
diff --git a/src/scripts/components/input.test.js b/src/scripts/components/input.test.js
index 928ba02..62a228d 100644
--- a/src/scripts/components/input.test.js
+++ b/src/scripts/components/input.test.js
@@ -75,7 +75,7 @@ describe('components/input', () => {
 });
 });
- describe('onInput', () => {
+ describe('_onInput', () => {
 let setWidthStub;
 beforeEach(() => {
@@ -103,7 +103,7 @@ describe('components/input', () => {
 });
 });
- describe('onPaste', () => {
+ describe('_onPaste', () => {
 let eventMock;
 beforeEach(() => {
@@ -130,7 +130,7 @@ describe('components/input', () => {
 });
 });
- describe('onFocus', () => {
+ describe('_onFocus', () => {
 it('sets isFocussed flag to true', () => {
 expect(instance.isFocussed).to.equal(false);
 instance._onFocus();
@@ -138,7 +138,7 @@ describe('components/input', () => {
 });
 });
- describe('onBlur', () => {
+ describe('_onBlur', () => {
 it('sets isFocussed flag to false', () => {
 instance.isFocussed = true;
 instance._onBlur();
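Review bot: Escaping inside the `value` getter of src/scripts/components/input.js (`return stripHTML(this.element.value);`) changes what every reader of `input.value` receives, not only the code that writes it into markup. Judging by the test added in this commit, `stripHTML` entity-encodes the text rather than removing tags, so comparisons, length checks, searches and stored or submitted values would now see encoded text, and any sink that escapes again would double-encode. Output encoding is easier to audit when it sits at the HTML sink, so consider leaving the getter raw and calling `stripHTML` where the string is inserted into the DOM. If the getter has to stay encoded, say so on it, for example `/** @returns {string} element value with HTML special characters entity-encoded, not the raw text */`. The class body continues outside the hunk, so the callers of `value` are not visible here.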
@@ -342,8 +342,15 @@ describe('components/input', () => {
 it('sets value of element to passed value', () => {
 const value = 'test';
 instance.element.value = value;
- const actualResponse = instance.value;
- expect(actualResponse).to.equal(value);
+ expect(instance.value).to.equal(value);
+ });
+
+ it('strips HTML from value', () => {
+ const value = '';
+ instance.element.value = value;
+ expect(instance.value).to.equal(
+ '<script&rt;somethingMalicious();</script&rt;',
+ );
 });
 });
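Review bot: The expectation in the new 'strips HTML from value' test closes each tag with `&rt;`, which is not a defined HTML character reference; `>` is written `&gt;`. Asserting `&rt;` locks in what looks like a typo in `stripHTML` (its body lives in `../lib/utils` and is not shown here), and a browser would display the literal text `&rt;` instead of `>`. I would correct the replacement in the helper and assert `'&lt;script&gt;somethingMalicious();&lt;/script&gt;',` here. As rendered on this page the input is `const value = '';` and the `<` in the expected string is unescaped, which looks like markup lost in extraction, so it is worth confirming in the repository that the test feeds a real tag string. The test title says "strips" while the assertion shows encoding; `'encodes HTML in value'` would describe it more accurately.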