From a822fb1b4a9b3a7e6ef2b46b550d208009a9f642 Mon Sep 17 00:00:00 2001 From: Riyadh Date: Thu, 30 Apr 2026 13:43:56 +0000 Subject: [PATCH] Test the merge & current-meeting tint feature end-to-end (task #154) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds API + UI/e2e coverage for the cell-merge overlay introduced by task #152 on the executive-meetings schedule. Two new test files, no production code changes. API tests (artifacts/api-server/tests/executive-meetings-merge.test.mjs): - Setting a merge writes mergeStartColumn/mergeEndColumn/mergeText and the row round-trips back through GET ?date=. - Clearing with `merge: null` nulls all three columns while leaving the rest of the row intact (combined with a titleEn change in the same PATCH to prove only the merge fields move). - Invalid range start>end is rejected with 400 and the row is unchanged (also covers an unknown enum value). - mergeText is sanitized: ' + + 'link' + + ''; + + const patch = await api( + adminCookie, + "PATCH", + `/api/executive-meetings/${meeting.id}`, + { + merge: { + mergeStartColumn: "meeting", + mergeEndColumn: "attendees", + mergeText: dirty, + }, + }, + ); + assert.equal(patch.status, 200); + + const day = await api( + adminCookie, + "GET", + `/api/executive-meetings?date=${today}`, + ); + const body = await day.json(); + const row = body.meetings.find((m) => m.id === meeting.id); + const text = row.mergeText ?? ""; + + // Visible content survives. + assert.match(text, /Visible/, "visible text preserved"); + assert.match(text, /<(strong|b)[\s>]/i, " bold preserved"); + // The allowed inline color style on

must survive the sanitizer + // — Tiptap-style formatting (color, bold, etc.) is intentionally + // preserved so the merged label can carry the editor's formatting. + // Different sanitizers normalize whitespace/quotes inside the style + // attribute slightly differently, so the assertion just checks for + // the rgb triple in any spacing. + assert.match( + text.toLowerCase(), + /rgb\(\s*220\s*,\s*38\s*,\s*38\s*\)/, + "allowed inline color style survives sanitization", + ); + + // Dangerous markup gone. + assert.ok(!/