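// NOTE(review): everything before this point (the PHP open tag, the imports and the
// opening of the setup closure) was lost when the page was extracted. The surviving
// tail suggests it read `beforeEach(function () { $user = User::factory()->`;
// confirm against the repository before relying on that.
    create();
    $this->team = Team::factory()->create();
    $user->teams()->attach($this->team);

    // Authenticate as the team member and select the team in the session.
    $this->actingAs($user);
    session(['currentTeam' => $this->team]);

    // The server under test belongs to the team created above.
    $this->server = Server::factory()->create([
        'team_id' => $this->team->id,
    ]);
});

// Regression tests for HTML sanitisation of the server's validation_logs attribute.
// The first test name states that sanitisation happens in a model mutator, so every
// case writes through update() and reads the stored value back after refresh().
//
// NOTE(review): the page extraction removed every string literal that contained markup,
// which left the listing syntactically invalid. Literals tagged "constructed sample"
// below are stand-ins chosen to fit the surviving assertions; they are not the
// project's original fixtures.
// NOTE(review): toContain() is a case-sensitive substring check, so these cases only
// pin the listed lower-case markers; mixed-case variants would need their own cases.

it('strips dangerous HTML from validation_logs via mutator', function () {
    // Constructed sample: an image tag carrying an inline error handler.
    $xssPayload = '<img src="x" onerror="alert(1)">';

    $this->server->update(['validation_logs' => $xssPayload]);
    $this->server->refresh();

    // '<img' is a constructed needle (original lost); 'onerror' survived on the page.
    expect($this->server->validation_logs)->not->toContain('<img')
        ->and($this->server->validation_logs)->not->toContain('onerror');
});

it('strips script tags from validation_logs', function () {
    // Constructed sample: a bare script element.
    $xssPayload = '<script>alert(1)</script>';

    $this->server->update(['validation_logs' => $xssPayload]);
    $this->server->refresh();

    // '<script' is a constructed needle (original lost), chosen to match the test name.
    expect($this->server->validation_logs)->not->toContain('<script');
});

// NOTE(review): this test's description and fixture were lost. Only the variable name
// $allowedHtml, the shape of four positive assertions and the 'Connection refused'
// needle survive; the description below is reconstructed.
it('keeps allowed HTML in validation_logs', function () {
    // Constructed sample; assumes <a>, <br> and <div> are on the sanitiser's
    // allow-list. TODO confirm against the mutator.
    $allowedHtml = 'Server is not reachable. See the <a href="https://example.com/docs">documentation</a>.<br>'
        .'<div class="text-error">Error: Connection refused</div>';

    $this->server->update(['validation_logs' => $allowedHtml]);
    $this->server->refresh();

    // The three tag needles are constructed; 'Connection refused' survived on the page.
    expect($this->server->validation_logs)->toContain('<a')
        ->and($this->server->validation_logs)->toContain('<br')
        ->and($this->server->validation_logs)->toContain('<div')
        ->and($this->server->validation_logs)->toContain('Connection refused');
});

it('allows null validation_logs', function () {
    // A null value must pass through the mutator unchanged rather than become a string.
    $this->server->update(['validation_logs' => null]);
    $this->server->refresh();

    expect($this->server->validation_logs)->toBeNull();
});

it('sanitizes XSS embedded within valid error HTML', function () {
    // Constructed sample: the surviving text ("Server is not reachable." / "Error:")
    // wrapped in markup, with two hostile elements nested inside the error block.
    $maliciousError = 'Server is not reachable.<br><div class="text-error">Error: '
        .'<img src="x" onerror="alert(1)"><script>alert(1)</script></div>';

    $this->server->update(['validation_logs' => $maliciousError]);
    $this->server->refresh();

    // 'Error:' and 'onerror' survived on the page; '<div' and '<script' are constructed.
    // The legitimate wrapper and message must remain while the hostile parts are removed.
    expect($this->server->validation_logs)->toContain('<div')
        ->and($this->server->validation_logs)->toContain('Error:')
        ->and($this->server->validation_logs)->not->toContain('onerror')
        ->and($this->server->validation_logs)->not->toContain('<script');
});

// NOTE(review): this test's description and fixture were lost. Only the variable name
// $payload, one positive assertion and the 'onmouseover' needle survive; the
// description below is reconstructed.
it('strips event handler attributes from allowed tags', function () {
    // Constructed sample: an otherwise acceptable element with an inline event handler.
    $payload = '<div class="text-error" onmouseover="alert(1)">Connection refused</div>';

    $this->server->update(['validation_logs' => $payload]);
    $this->server->refresh();

    // The element itself is expected to survive; only the handler attribute must go.
    // '<div' is a constructed needle; 'onmouseover' survived on the page.
    expect($this->server->validation_logs)->toContain('<div')
        ->and($this->server->validation_logs)->not->toContain('onmouseover');
});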