Initial import of space_profiles module

tests/codeception/unit/ProfileHtmlSanitizerTest.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace space_profiles;
+
+use humhub\modules\space_profiles\helpers\ProfileHtmlSanitizer;
+
+class ProfileHtmlSanitizerTest extends UnitTester
+{
+    public function testSanitizeRemovesScriptsAndHandlers(): void
+    {
+        $input = '<script>alert(1)</script><div class="hdr" onclick="alert(2)">OK</div>';
+
+        $output = ProfileHtmlSanitizer::sanitize($input);
+
+        $this->assertStringNotContainsString('<script', $output);
+        $this->assertStringNotContainsString('onclick=', $output);
+        $this->assertStringContainsString('<div class="hdr">OK</div>', $output);
+    }
+
+    public function testSanitizeStripsJavascriptUris(): void
+    {
+        $input = '<a href="javascript:alert(1)">bad</a><a href="https://example.org">good</a>';
+
+        $output = ProfileHtmlSanitizer::sanitize($input);
+
+        $this->assertStringNotContainsString('javascript:', $output);
+        $this->assertStringContainsString('https://example.org', $output);
+    }
+
+    public function testSanitizeScopesEmbeddedCss(): void
+    {
+        $input = '<style>body{color:red}.hdr{font-weight:bold}</style><div class="hdr">Title</div>';
+
+        $output = ProfileHtmlSanitizer::sanitize($input);
+
+        $this->assertStringContainsString('.rescue-profile-scope', $output);
+        $this->assertStringContainsString('.rescue-profile-scope .hdr', $output);
+        $this->assertStringNotContainsString('<style>body{color:red}', $output);
+    }
+}