# edited by glg
from pypos.modules.penjualan.services.history_detail_render_service import (
    HistoryDetailRenderService,
)


def test_build_transaksi_detail_payload_escapes_dynamic_html_fields():
    svc = HistoryDetailRenderService()
    payload = svc.build_transaksi_detail_payload(
        header_data=[
            1,
            "<b>Pembeli</b>",
            0,
            11,
            100000,
            "2026-01-01 10:00:00",
            1,
            "<script>kasir</script>",
            "kredit",
            "",
            "<img src=x onerror=alert(1)>",
            1,
            100000,
            0,
            "",
            "4111111111111234",
            "include",
        ],
        detail_rows=[(1, "Produk A", 100000, 1, 0, "pcs")],
    )

    html = payload["html"]
    assert "&lt;b&gt;Pembeli&lt;/b&gt;" in html
    assert "&lt;script&gt;kasir&lt;/script&gt;" in html
    assert "&lt;img src=x onerror=alert(1)&gt;" in html
    assert "****1234" in html


def test_build_barang_detail_html_escapes_item_fields():
    svc = HistoryDetailRenderService()
    html = svc.build_barang_detail_html(
        [
            (
                "<code>SKU-1</code>",
                "<svg/onload=alert(1)>",
                12000,
                2,
                0,
                "<b>pcs</b>",
            )
        ]
    )

    assert "&lt;code&gt;SKU-1&lt;/code&gt;" in html
    assert "&lt;svg/onload=alert(1)&gt;" in html
    assert "&lt;b&gt;pcs&lt;/b&gt;" in html