Desktop: Security: Fixes #6004: Prevent XSS in Goto Anything

packages/renderer/htmlUtils.test.ts

@@ -0,0 +1,32 @@
+import htmlUtils from './htmlUtils';
+
+describe('htmlUtils', () => {
+
+	test('should strip off HTML', () => {
+		const testCases = [
+			[
+				'',
+				'',
+			],
+			[
+				'<b>test</b>',
+				'test',
+			],
+			[
+				'Joplin&circledR;',
+				'Joplin®',
+			],
+			[
+				'&lt;b&gttest&lt;/b&gt',
+				'&lt;b>test&lt;/b>',
+			],
+		];
+
+		for (const t of testCases) {
+			const [input, expected] = t;
+			const actual = htmlUtils.stripHtml(input);
+			expect(actual).toBe(expected);
+		}
+	});
+
+});