Pixcen V8 Scripting Test Suite
===============================

This directory contains test scripts for validating V8 engine security,
stability, and compatibility fixes implemented on 2025-11-24.

## Directory Structure

- brushes/     Security tests for algorithmic brushes
- encoding/    UTF-8 file handling tests
- isolation/   V8 isolate lifecycle tests
- listeners/   Registration callback tests

## Running Tests

### Manual Testing via Pixcen UI

1. Open Pixcen
2. Brush → Select Algorithmic Brush...
3. Navigate to scripts/test/brushes/
4. Try loading each "evil-*" brush
5. Verify timeouts/errors are handled gracefully

### Expected Behavior

**evil-infinite-loop.js**
→ Timeout after 1 second, error message displayed
→ Application remains responsive

**evil-memory-bomb.js**
→ Out of memory error before system exhaustion
→ No crash or freeze

**evil-deep-recursion.js**
→ Stack overflow error handled gracefully
→ No application crash

**evil-slow-generation.js**
→ Completes with performance warning logged (>500ms)
→ User can still paint after completion

**valid-complex-brush.js**
→ Completes successfully in <50ms
→ Generates 16×16 circular brush pattern

**valid-utf8-brush.js**
→ Loads correctly with UTF-8 characters preserved
→ Comments display mathematical symbols correctly

## UTF-8 Encoding Tests

**encoding/utf8-no-bom.js**
→ Loads correctly (no BOM marker)

**encoding/utf8-with-bom.js**
→ Loads correctly (BOM automatically stripped)

**encoding/utf8-comments.js**
→ Preserves Unicode characters in comments: π, ≈, °, ∞

**encoding/utf8-strings.js**
→ Preserves Unicode characters in string literals

**encoding/windows-1252-corruption.js**
→ EXPECTED TO FAIL - demonstrates old behavior with wrong encoding

## Security Notes

⚠️ These test scripts intentionally contain malicious patterns:
- Infinite loops
- Memory exhaustion attempts
- Stack overflow recursion
- Performance stress tests

**DO NOT** use these brushes for actual artwork.
They exist solely to validate security guardrails.

## Test Results Log

After running tests, document results here:

Date: _____________
Tester: ___________

[ ] evil-infinite-loop.js      - PASS / FAIL (describe behavior)
[ ] evil-memory-bomb.js         - PASS / FAIL
[ ] evil-deep-recursion.js      - PASS / FAIL
[ ] evil-slow-generation.js     - PASS / FAIL
[ ] valid-complex-brush.js      - PASS / FAIL
[ ] valid-utf8-brush.js         - PASS / FAIL
[ ] utf8-no-bom.js             - PASS / FAIL
[ ] utf8-with-bom.js           - PASS / FAIL
[ ] utf8-comments.js           - PASS / FAIL
[ ] utf8-strings.js            - PASS / FAIL

## Version History

2025-11-24: Initial test suite creation (Phase 5 of V8 security fixes)
            - Added watchdog timer (1 second timeout)
            - Added memory limits (50 MB for brushes)
            - Fixed isolate leak on context creation failure
            - Fixed UTF-8 script reading (BOM stripping support)
            - Added RAII listener guards for thread safety
