importexpressfrom"express"import{errorHandler}from"../../../../src/node/routes/errors"describe("error page is rendered for text/html requests",()=>{it("escapes any html in the error messages",async()=>{constnext=jest.fn()consterr={code:"ENOENT",statusCode:404,message:";>hello<script>alert(1)</script>",}constreq=createRequest()constres={status:jest.fn().mockReturnValue(this),send:jest.fn().mockReturnValue(this),set:jest.fn().mockReturnValue(this),}asunknownasexpress.ResponseawaiterrorHandler(err,req,res,next)expect(res.status).toHaveBeenCalledWith(404)expect(res.send).toHaveBeenCalledWith(expect.not.stringContaining("<script>"))})})functioncreateRequest():express.Request{return{headers:{accept:["text/html"],},originalUrl:"http://example.com/test",query:{to:"test",},}asunknownasexpress.Request}