package sanitize import ( "strings" "testing" ) func TestSanitizeHTML_stripsScriptTags(t *testing.T) { in := `

Hello

World` got := SanitizeHTML(in) if strings.Contains(got, "script") { t.Fatalf("expected script removed, got %q", got) } if !strings.Contains(got, "Hello") || !strings.Contains(got, "World") { t.Fatalf("expected safe content preserved, got %q", got) } } func TestSanitizeHTML_stripsJavascriptURLs(t *testing.T) { in := `click

` got := SanitizeHTML(in) if strings.Contains(strings.ToLower(got), "javascript:") { t.Fatalf("expected javascript: URLs removed, got %q", got) } } func TestSanitizeHTML_preservesSafeContent(t *testing.T) { in := `

link

` got := SanitizeHTML(in) if !strings.Contains(got, `href="https://example.com"`) { t.Fatalf("expected safe link preserved, got %q", got) } if !strings.Contains(got, `src="https://example.com/a.png"`) { t.Fatalf("expected safe image preserved, got %q", got) } } func TestSanitizeHTML_empty(t *testing.T) { if got := SanitizeHTML(""); got != "" { t.Fatalf("expected empty string, got %q", got) } }