From a4318b3f15c2805050fb068de45c053af396f41f Mon Sep 17 00:00:00 2001
From: Yuki Hattori <yukihattori1116@gmail.com>
Date: Sun, 10 Sep 2023 08:29:27 +0900
Subject: [PATCH] Add test case about HTML injection for rendering <figcaption>

---
 test/markdown/background_image.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/test/markdown/background_image.js b/test/markdown/background_image.js
index cd5dbfe..4d866b8 100644
--- a/test/markdown/background_image.js
+++ b/test/markdown/background_image.js
@@ -212,6 +212,7 @@ describe('Marpit background image plugin', () => {
           ![bg fit  The background image](A)
           ![This is bg 20% w:40% xxxxx](B)
           ![    bg      ](C)
+          ![bg <b>should <br /> escape</b>](D)
         `),
       )
       const figures = $('figure')
@@ -222,7 +223,14 @@ describe('Marpit background image plugin', () => {
       )
       expect(figures.eq(1).is(':has(figcaption)')).toBe(true)
       expect(figures.eq(1).find('figcaption').text()).toBe('This is xxxxx')
+
+      // Ignore whitespaces
       expect(figures.eq(2).is(':has(figcaption)')).toBe(false)
+
+      // XSS
+      expect(figures.eq(3).is(':has(figcaption)')).toBe(true)
+      expect(figures.eq(3).is(':has(b)')).toBe(false)
+      expect(figures.eq(3).is(':has(br)')).toBe(false)
     })
 
     it('assigns background-size style with resizing keyword / scale', () => {