feat(api): improve joi validation for html not allowed

Co-authored-by: Rebeca Kaci <[email protected]> Co-authored-by: Dimitri Lahaye <[email protected]>
1024pix · Apr 18, 2024 · 397c07a · 397c07a
1 parent 1486ed1
commit 397c07a
Show file tree

Hide file tree

Showing 7 changed files with 314 additions and 95 deletions.
diff --git a/...ests/devcomp/unit/infrastructure/datasources/learning-content/validation/element/image.js b/...ests/devcomp/unit/infrastructure/datasources/learning-content/validation/element/image.js
@@ -1,12 +1,12 @@
 import Joi from 'joi';
 
-import { htmlSchema, uuidSchema } from '../utils.js';
+import { htmlNotAllowedSchema, htmlSchema, uuidSchema } from '../utils.js';
 
 const imageElementSchema = Joi.object({
   id: uuidSchema,
   type: Joi.string().valid('image').required(),
   url: Joi.string().uri().required(),
-  alt: Joi.string().allow('').required(),
+  alt: htmlNotAllowedSchema.allow('').required(),
   alternativeText: htmlSchema.allow(''),
 }).required();
 

diff --git a/...ests/devcomp/unit/infrastructure/datasources/learning-content/validation/element/index.js b/...ests/devcomp/unit/infrastructure/datasources/learning-content/validation/element/index.js
@@ -1,11 +1,13 @@
 import { imageElementSchema } from './image.js';
 import { qcmElementSchema } from './qcm.js';
 import { qcuElementSchema } from './qcu.js';
-import { qrocmElementSchema } from './qrocm.js';
+import { blockInputSchema, blockSelectSchema, qrocmElementSchema } from './qrocm.js';
 import { textElementSchema } from './text.js';
 import { videoElementSchema } from './video.js';
 
 export {
+  blockInputSchema,
+  blockSelectSchema,
   imageElementSchema,
   qcmElementSchema,
   qcuElementSchema,

diff --git a/...ests/devcomp/unit/infrastructure/datasources/learning-content/validation/element/qrocm.js b/...ests/devcomp/unit/infrastructure/datasources/learning-content/validation/element/qrocm.js
@@ -1,16 +1,16 @@
 import Joi from 'joi';
 
-import { htmlSchema, proposalIdSchema, uuidSchema } from '../utils.js';
+import { htmlNotAllowedSchema, htmlSchema, proposalIdSchema, uuidSchema } from '../utils.js';
 
 const blockInputSchema = Joi.object({
-  input: Joi.string().required(),
+  input: htmlNotAllowedSchema.required(),
   type: Joi.string().valid('input').required(),
   inputType: Joi.string().valid('text', 'number').required(),
   size: Joi.number().positive().required(),
   display: Joi.string().valid('inline', 'block').required(),
-  placeholder: Joi.string().allow('').required(),
-  ariaLabel: Joi.string().required(),
-  defaultValue: Joi.string().allow('').required(),
+  placeholder: htmlNotAllowedSchema.allow('').required(),
+  ariaLabel: htmlNotAllowedSchema.required(),
+  defaultValue: htmlNotAllowedSchema.allow('').required(),
   tolerances: Joi.array()
     .unique()
     .items(Joi.string().valid('t1', 't2', 't3'))
@@ -19,18 +19,18 @@ const blockInputSchema = Joi.object({
 }).required();
 
 const blockSelectSchema = Joi.object({
-  input: Joi.string().required(),
+  input: htmlNotAllowedSchema.required(),
   type: Joi.string().valid('select').required(),
   display: Joi.string().valid('inline', 'block').required(),
-  placeholder: Joi.string().allow('').required(),
-  ariaLabel: Joi.string().required(),
-  defaultValue: Joi.string().allow('').required(),
+  placeholder: htmlNotAllowedSchema.allow('').required(),
+  ariaLabel: htmlNotAllowedSchema.required(),
+  defaultValue: htmlNotAllowedSchema.allow('').required(),
   tolerances: Joi.array().empty().required(),
   options: Joi.array()
     .items(
       Joi.object({
         id: proposalIdSchema,
-        content: Joi.string().required(),
+        content: htmlNotAllowedSchema.required(),
       }),
     )
     .required(),
@@ -55,4 +55,4 @@ const qrocmElementSchema = Joi.object({
   }).required(),
 });
 
-export { qrocmElementSchema };
+export { blockInputSchema, blockSelectSchema, qrocmElementSchema };
diff --git a/...ests/devcomp/unit/infrastructure/datasources/learning-content/validation/element/video.js b/...ests/devcomp/unit/infrastructure/datasources/learning-content/validation/element/video.js
@@ -1,11 +1,11 @@
 import Joi from 'joi';
 
-import { htmlSchema, uuidSchema } from '../utils.js';
+import { htmlNotAllowedSchema, htmlSchema, uuidSchema } from '../utils.js';
 
 const videoElementSchema = Joi.object({
   id: uuidSchema,
   type: Joi.string().valid('video').required(),
-  title: Joi.string().required(),
+  title: htmlNotAllowedSchema.required(),
   url: Joi.string().uri().required(),
   subtitles: Joi.string().uri().allow('').required(),
   transcription: htmlSchema.allow(''),