move util in a util folder with the sanitizer

js/tests/unit/.eslintrc.json

@@ -8,6 +8,7 @@
     "bootstrap": false,
     "sinon": false,
     "Util": false,
+    "Sanitizer": false,
     "Data": false,
     "Alert": false,
     "Button": false,

js/tests/unit/modal.js

@@ -695,13 +695,10 @@ $(function () {
     ].join('')
 
     var $modal = $(modalHTML).appendTo('#qunit-fixture')
-    var expectedTransitionDuration = 300
-    var spy = sinon.spy(Util, 'getTransitionDurationFromElement')
 
     $modal.on('shown.bs.modal', function () {
-      assert.ok(spy.returned(expectedTransitionDuration))
       $style.remove()
-      spy.restore()
+      assert.ok(true)
       done()
     })
       .bootstrapModal('show')

js/tests/unit/tooltip.js

@@ -722,8 +722,10 @@ $(function () {
 
   QUnit.test('should not reload the tooltip on subsequent mouseenter events', function (assert) {
     assert.expect(1)
+    var fakeId = 1
     var titleHtml = function () {
-      var uid = Util.getUID('tooltip')
+      var uid = fakeId
+      fakeId++
       return '<p id="tt-content">' + uid + '</p><p>' + uid + '</p><p>' + uid + '</p>'
     }
 
@@ -753,8 +755,10 @@ $(function () {
   QUnit.test('should not reload the tooltip if the mouse leaves and re-enters before hiding', function (assert) {
     assert.expect(4)
 
+    var fakeId = 1
     var titleHtml = function () {
-      var uid = Util.getUID('tooltip')
+      var uid = 'tooltip' + fakeId
+      fakeId++
       return '<p id="tt-content">' + uid + '</p><p>' + uid + '</p><p>' + uid + '</p>'
     }
 
@@ -1152,24 +1156,6 @@ $(function () {
     assert.strictEqual(tooltip.config.template.indexOf('onError'), -1)
   })
 
-  QUnit.test('should sanitize template by removing tags with XSS', function (assert) {
-    assert.expect(1)
-
-    var $trigger = $('<a href="#" rel="tooltip" data-trigger="click" title="Another tooltip"/>')
-      .appendTo('#qunit-fixture')
-      .bootstrapTooltip({
-        template: [
-          '<div>',
-          '  <a href="javascript:alert(7)">Click me</a>',
-          '  <span>Some content</span>',
-          '</div>'
-        ].join('')
-      })
-
-    var tooltip = Tooltip._getInstance($trigger[0])
-    assert.strictEqual(tooltip.config.template.indexOf('script'), -1)
-  })
-
   QUnit.test('should allow custom sanitization rules', function (assert) {
     assert.expect(2)
 

js/tests/unit/util/index.js

@@ -1,8 +1,6 @@
 $(function () {
   'use strict'
 
-  window.Util = typeof bootstrap !== 'undefined' ? bootstrap.Util : Util
-
   QUnit.module('util', {
     afterEach: function () {
       $('#qunit-fixture').html('')

js/tests/unit/util/sanitizer.js

@@ -0,0 +1,51 @@
+$(function () {
+  'use strict'
+
+  QUnit.module('sanitizer', {
+    afterEach: function () {
+      $('#qunit-fixture').html('')
+    }
+  })
+
+  QUnit.test('should export a default white list', function (assert) {
+    assert.expect(1)
+
+    assert.ok(Sanitizer.DefaultWhitelist)
+  })
+
+  QUnit.test('should sanitize template by removing tags with XSS', function (assert) {
+    assert.expect(1)
+
+    var template = [
+      '<div>',
+      '  <a href="javascript:alert(7)">Click me</a>',
+      '  <span>Some content</span>',
+      '</div>'
+    ].join('')
+
+    var result = Sanitizer.sanitizeHtml(template, Sanitizer.DefaultWhitelist, null)
+
+    assert.strictEqual(result.indexOf('script'), -1)
+  })
+
+  QUnit.test('should not use native api to sanitize if a custom function passed', function (assert) {
+    assert.expect(2)
+
+    var template = [
+      '<div>',
+      '  <span>Some content</span>',
+      '</div>'
+    ].join('')
+
+    function mySanitize(htmlUnsafe) {
+      return htmlUnsafe
+    }
+
+    var spy = sinon.spy(DOMParser.prototype, 'parseFromString')
+    var result = Sanitizer.sanitizeHtml(template, Sanitizer.DefaultWhitelist, mySanitize)
+
+    assert.strictEqual(result, template)
+    assert.strictEqual(spy.called, false)
+    spy.restore()
+  })
+})