From 7680bb8c2784f2f250ba945bc95c68dc4138cca3 Mon Sep 17 00:00:00 2001
From: Dorian Niemiec <dorian.niemiec@svrjs.org>
Date: Thu, 29 Aug 2024 13:39:55 +0200
Subject: [PATCH] Improved the test coverage for the URL sanitizer

---
 tests/utils/urlSanitizer.test.js | 48 ++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/tests/utils/urlSanitizer.test.js b/tests/utils/urlSanitizer.test.js
index 79f5bd6..1206517 100644
--- a/tests/utils/urlSanitizer.test.js
+++ b/tests/utils/urlSanitizer.test.js
@@ -51,4 +51,52 @@ describe("URL sanitizer", () => {
   test('should return "/" for empty sanitized resource', () => {
     expect(sanitizeURL("/../..")).toBe("/");
   });
+
+  test("should encode special characters", () => {
+    expect(sanitizeURL("/test<path>")).toBe("/test%3Cpath%3E");
+    expect(sanitizeURL("/test^path")).toBe("/test%5Epath");
+    expect(sanitizeURL("/test`path")).toBe("/test%60path");
+    expect(sanitizeURL("/test{path}")).toBe("/test%7Bpath%7D");
+    expect(sanitizeURL("/test|path")).toBe("/test%7Cpath");
+  });
+
+  test("should preserve certain characters", () => {
+    expect(sanitizeURL("/test!path")).toBe("/test!path");
+    expect(sanitizeURL("/test$path")).toBe("/test$path");
+    expect(sanitizeURL("/test&path")).toBe("/test&path");
+    expect(sanitizeURL("/test-path")).toBe("/test-path");
+    expect(sanitizeURL("/test=path")).toBe("/test=path");
+    expect(sanitizeURL("/test@path")).toBe("/test@path");
+    expect(sanitizeURL("/test_path")).toBe("/test_path");
+    expect(sanitizeURL("/test~path")).toBe("/test~path");
+  });
+
+  test("should decode URL-encoded characters while preserving certain characters", () => {
+    expect(sanitizeURL("/test%20path")).toBe("/test%20path");
+    expect(sanitizeURL("/test%21path")).toBe("/test!path");
+    expect(sanitizeURL("/test%22path")).toBe("/test%22path");
+    expect(sanitizeURL("/test%24path")).toBe("/test$path");
+    expect(sanitizeURL("/test%25path")).toBe("/test%25path");
+    expect(sanitizeURL("/test%26path")).toBe("/test&path");
+    expect(sanitizeURL("/test%2Dpath")).toBe("/test-path");
+    expect(sanitizeURL("/test%3Cpath")).toBe("/test%3Cpath");
+    expect(sanitizeURL("/test%3Dpath")).toBe("/test=path");
+    expect(sanitizeURL("/test%3Epath")).toBe("/test%3Epath");
+    expect(sanitizeURL("/test%40path")).toBe("/test@path");
+    expect(sanitizeURL("/test%5Fpath")).toBe("/test_path");
+    expect(sanitizeURL("/test%7Dpath")).toBe("/test%7Dpath");
+    expect(sanitizeURL("/test%7Epath")).toBe("/test~path");
+  });
+
+  test("should decode URL-encoded alphanumeric characters while preserving certain characters", () => {
+    expect(sanitizeURL("/conf%69g.json")).toBe("/config.json");
+    expect(sanitizeURL("/CONF%49G.JSON")).toBe("/CONFIG.JSON");
+    expect(sanitizeURL("/svr%32.js")).toBe("/svr2.js");
+    expect(sanitizeURL("/%73%76%72%32%2E%6A%73")).toBe("/svr2.js");
+  });
+
+  test("should decode URL-encoded characters regardless of the letter case of the URL encoding", () => {
+    expect(sanitizeURL("/%5f")).toBe("/_");
+    expect(sanitizeURL("/%5F")).toBe("/_");
+  });
 });