Jamkris 33ed494adf test(ci): regression coverage for newly-covered invisible code points ...

9 new test cases pin down the two previous commits' denylist
extensions. Each verifies both detection (validator exit non-zero +
the expected `dangerous-invisible U+<HEX>` line on stderr) and,
where applicable, `--write` sanitization.

Coverage:

Tag block (commit 1):
- U+E0041 TAG LATIN CAPITAL LETTER A — the range's printable ASCII
  shadow; this is the byte sequence demonstrated in published ASCII
  smuggling proofs of concept.
- U+E007F CANCEL TAG — the range end.

Other invisibles (commit 2):
- U+180E MONGOLIAN VOWEL SEPARATOR
- U+115F HANGUL CHOSEONG FILLER
- U+1160 HANGUL JUNGSEONG FILLER
- U+2061 FUNCTION APPLICATION (range start)
- U+2064 INVISIBLE PLUS (range end)
- U+3164 HANGUL FILLER

Detection table is data-driven (one loop, one assertion per row) so
adding the next invisible to the denylist also gets a paired
regression test by simply appending to NEWLY_COVERED_RANGES.

Plus a `--write` integration test:
- writes a markdown file containing both Tag block (5 chars) and
  U+180E, runs `--write`, asserts both removed and surrounding text
  preserved character-for-character ('# Title\n\nBenigntext.\n').
- re-runs the validator without `--write` and asserts exit 0,
  confirming the sanitizer's output is idempotent under the
  extended denylist.

Test count: 5 → 14 in this file; full `yarn test` green; `yarn lint`
clean.

2026-05-18 21:20:36 -04:00

7.7 KiB

Raw Blame History

View Raw