diff --git a/apps/logicsrc-web/contract/html-sanitizer.test.ts b/apps/logicsrc-web/contract/html-sanitizer.test.ts
new file mode 100644
index 0000000..8fc14a3
--- /dev/null
+++ b/apps/logicsrc-web/contract/html-sanitizer.test.ts
@@ -0,0 +1,19 @@
+import { describe, expect, it } from "vitest";
+
+import { sanitizeRenderedHtml } from "@/lib/html";
+
+describe("sanitizeRenderedHtml", () => {
+ it("removes script tags, event handlers, and javascript URLs", () => {
+ const html = sanitizeRenderedHtml(
+ '

Title

Hello

bad'
+ );
+
+ expect(html).toContain("

Title

");
+ expect(html).toContain("

Hello

");
+ expect(html).toContain('');
+ expect(html).toContain("bad");
+ expect(html).not.toContain("