package sanitize import ( "strings" "testing" ) func TestSanitizeHTML_stripsScriptTags(t *testing.T) { in := `

Hello

World` got := SanitizeHTML(in) if strings.Contains(got, "script") { t.Fatalf("expected script removed, got %q", got) } if !strings.Contains(got, "Hello") || !strings.Contains(got, "World") { t.Fatalf("expected safe content preserved, got %q", got) } } func TestSanitizeHTML_stripsJavascriptURLs(t *testing.T) { in := `click

` got := SanitizeHTML(in) if strings.Contains(strings.ToLower(got), "javascript:") { t.Fatalf("expected javascript: URLs removed, got %q", got) } } func TestSanitizeHTML_preservesSafeContent(t *testing.T) { in := `

link

` got := SanitizeHTML(in) if !strings.Contains(got, `href="https://example.com"`) { t.Fatalf("expected safe link preserved, got %q", got) } if !strings.Contains(got, `src="https://example.com/a.png"`) { t.Fatalf("expected safe image preserved, got %q", got) } } func TestSanitizeHTML_preservesEmailStyles(t *testing.T) { in := `` + `

Promo

` got := SanitizeHTML(in) if !strings.Contains(got, "font-family:Arial") { t.Fatalf("expected style block preserved, got %q", got) } if !strings.Contains(got, `class="title"`) { t.Fatalf("expected class preserved, got %q", got) } if !strings.Contains(got, `style="font-size:16px`) { t.Fatalf("expected inline style preserved, got %q", got) } } func TestSanitizeHTML_stripsJavascriptInCSS(t *testing.T) { in := `

` got := SanitizeHTML(in) if strings.Contains(strings.ToLower(got), "javascript:") { t.Fatalf("expected javascript css url stripped, got %q", got) } if !strings.Contains(got, `

`) { t.Fatalf("expected content preserved, got %q", got) } } func TestSanitizeHTML_preservesStylesheetLink(t *testing.T) { in := `

` got := SanitizeHTML(in) if !strings.Contains(got, `href="https://cdn.example.com/campaign.css"`) { t.Fatalf("expected stylesheet link preserved, got %q", got) } } func TestSanitizeHTML_empty(t *testing.T) { if got := SanitizeHTML(""); got != "" { t.Fatalf("expected empty string, got %q", got) } }