deerflow-factory/backend/tests/test_security_html_cleaner.py

"""Tests for HTML cleaner."""

import pytest
from deerflow.security.html_cleaner import extract_secure_text


def test_html_scripts_are_removed():
    """Script tags must be stripped."""
    html = "<p>Hello</p><script>alert('xss')</script><p>World</p>"
    result = extract_secure_text(html)
    
    assert "script" not in result.lower()
    assert "alert" not in result
    assert "Hello" in result
    assert "World" in result