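package controllers

import (
	"bytes"
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/gin-gonic/gin"
	"github.com/stretchr/testify/assert"
)

// testXSSAttempt posts a registration whose FirstName is a script-tag
// payload and checks that the handler rejects it with 400 and does not
// echo the raw payload back in the response body.
//
// The name is lowercase, so `go test` does not run it on its own; it is
// presumably invoked from an exported Test* function elsewhere in the
// package (e.g. via t.Run) — confirm, or rename to TestXSSAttempt if it
// is meant to run directly.
func testXSSAttempt(t *testing.T) {
	t.Helper()

	gin.SetMode(gin.TestMode)
	router := gin.New()
	router.POST("/register", Uc.RegisterUser)

	// A concrete probe. The original literal was "", which made the
	// NotContains assertion below meaningless: every string contains "",
	// so the test could never pass and never exercised reflection.
	const xssPayload = "<script>alert('xss')</script>"

	user := getBaseUser()
	user.FirstName = xssPayload
	user.Email = "user@xss.hack"

	// Surface setup failures instead of discarding them; a nil body or
	// request would otherwise produce a confusing handler-side failure.
	body, err := json.Marshal(RegistrationData{User: user})
	if err != nil {
		t.Fatalf("marshal registration payload: %v", err)
	}

	req, err := http.NewRequest(http.MethodPost, "/register", bytes.NewReader(body))
	if err != nil {
		t.Fatalf("build request: %v", err)
	}
	req.Header.Set("Content-Type", "application/json")

	rec := httptest.NewRecorder()
	router.ServeHTTP(rec, req)

	// The handler is expected to reject the input outright.
	assert.Equal(t, http.StatusBadRequest, rec.Code)

	// Independently of the status, the raw payload must not be reflected.
	// This is the check that matters for XSS: input validation can be
	// bypassed with a different payload, output encoding must hold for all
	// of them. Keep this assertion even if the rejection status changes.
	assert.NotContains(t, rec.Body.String(), xssPayload)
}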