import assert from "node:assert/strict";
import test from "node:test";

import { parsePublicAuditSlug, toPublicAuditSlug } from "../lib/audits/slugs";
import { toPublicAuditRenderState } from "../lib/audits/public-audit-presenter";

/**
 * Slug helpers: the slug ends up in a public URL path, so this test pins both
 * the normalisation of a company name plus domain and the rejection of
 * candidates that do not look like a slug.
 */
test("public audit slug helpers normalize German company names without leaking arbitrary path input", () => {
  // Umlauts are transliterated (ü -> ue, ö -> oe), the ampersand is dropped,
  // and the domain is lower-cased with its dot turned into a hyphen.
  const generatedSlug = toPublicAuditSlug("Müller & Söhne GmbH", "Example.COM");
  assert.equal(generatedSlug, "mueller-soehne-gmbh-example-com");

  // A well-formed slug is returned unchanged by the parser.
  const acceptedSlug = parsePublicAuditSlug("mueller-soehne-gmbh-example-com");
  assert.equal(acceptedSlug, "mueller-soehne-gmbh-example-com");

  // A path-traversal shaped candidate must be rejected with null instead of
  // being passed on as a lookup key.
  const traversalCandidate = "../secret";
  assert.equal(parsePublicAuditSlug(traversalCandidate), null);

  // Over-long input is rejected as well.
  // NOTE(review): 121 characters is presumably one past the helper's length
  // cap; confirm the exact limit in lib/audits/slugs and add a test at the cap.
  const oversizedCandidate = "x".repeat(121);
  assert.equal(parsePublicAuditSlug(oversizedCandidate), null);
});

/**
 * Presenter: only published audits may yield public content, and a CTA link
 * taken from stored audit content must not reach the page with a script URL.
 */
test("public audit presenter hides unavailable records and sanitizes external CTA links", () => {
  // A missing record and a deactivated one both map to "unavailable"; a draft
  // maps to "pending". None of these states carries audit content.
  assert.deepEqual(toPublicAuditRenderState(null), { kind: "unavailable" });
  assert.deepEqual(toPublicAuditRenderState({ publicationStatus: "draft" }), { kind: "pending" });
  assert.deepEqual(toPublicAuditRenderState({ publicationStatus: "deactivated" }), { kind: "unavailable" });

  const firstObservation = {
    title: "Kontakt ist schwer zu finden",
    observation: "Der primäre Kontaktweg liegt zu tief.",
    impact: "Mehr Absprünge auf mobilen Geräten.",
    suggestion: "CTA im ersten sichtbaren Bereich ergänzen.",
  };

  // The CTA target deliberately uses the javascript: scheme, which would run
  // script in the visitor's browser if it were rendered as a link target.
  // NOTE(review): this is the only rejected scheme exercised here; other
  // non-http(s) schemes and case or whitespace variants are not covered.
  const finalOffer = {
    body: "Wir priorisieren die nächsten Verbesserungen gemeinsam.",
    ctaLabel: "Audit besprechen",
    ctaHref: "javascript:alert(1)",
  };

  const publishedRecord = {
    publicationStatus: "published",
    companyName: "Lemon Space",
    domain: "lemonspace.example",
    publishedAt: "2026-06-05T10:00:00.000Z",
    publicContent: {
      headline: "Mehr Anfragen über die Website",
      intro: "Die Website hat gute Grundlagen.",
      observations: [firstObservation],
      finalOffer,
    },
    screenshots: [],
  };

  const state = toPublicAuditRenderState(publishedRecord);
  assert.equal(state.kind, "published");

  // The assertion above already fails the test for any other kind; the
  // explicit check keeps the property access below guarded.
  if (state.kind === "published") {
    // The unsafe link target is dropped, not rewritten.
    assert.equal(state.audit.finalOffer.ctaHref, undefined);
    // Ordinary text content is passed through unchanged.
    assert.equal(state.audit.observations[0]?.impact, "Mehr Absprünge auf mobilen Geräten.");
  }
});