import { describe, expect, test } from "bun:test";
import { safeExternalHref } from "./safe-external-href";

describe("safeExternalHref", () => {
  test("allows https urls", () => {
    expect(safeExternalHref("https://example.com/path?q=1")).toBe("https://example.com/path?q=1");
  });

  test("rejects javascript/data/ftp protocols", () => {
    expect(safeExternalHref("javascript:alert(1)")).toBeUndefined();
    expect(safeExternalHref("data:text/html,hello")).toBeUndefined();
    expect(safeExternalHref("ftp://example.com/file.txt")).toBeUndefined();
  });

  test("supports mailto only when allowMailto=true", () => {
    const mailto = "mailto:user@example.com?subject=Hello";
    expect(safeExternalHref(mailto)).toBeUndefined();
    expect(safeExternalHref(mailto, { allowMailto: true })).toBe(mailto);
  });
});