$pageResp->assertSee($content);
}
- public function test_page_content_scripts_escaped_by_default()
+ public function test_page_content_scripts_removed_by_default()
{
$this->asEditor();
$page = Page::first();
- $script = '<script>console.log("hello-test")</script>';
+ $script = 'abc123<script>console.log("hello-test")</script>abc123';
$page->html = "escape {$script}";
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertDontSee($script);
- $pageView->assertSee(htmlentities($script));
+ $pageView->assertSee('abc123abc123');
+ }
+
+ public function test_page_inline_on_attributes_removed_by_default()
+ {
+ $this->asEditor();
+ $page = Page::first();
+ $script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
+ $page->html = "escape {$script}";
+ $page->save();
+
+ $pageView = $this->get($page->getUrl());
+ $pageView->assertDontSee($script);
+ $pageView->assertSee('<p>Hello</p>');
}
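Review bot: In test_page_inline_on_attributes_removed_by_default the negative check `assertDontSee($script)` matches only the exact input string, so it would still pass if the renderer re-serialised the element in any way while keeping the handler. The security property therefore rests entirely on `assertSee('<p>Hello</p>')`. Adding `$pageView->assertDontSee('onmouseenter');` would assert that the attribute name is absent from the whole response, and `$pageView->assertDontSee('hello-test');` would do the same for the script test above it. Both tests also depend on the ambient value of `app.allow_content_scripts`; presumably it is off in the test environment, but that is not visible in this hunk. The `$script` variable name and the `"escape {$script}"` label are stale now that the content is removed rather than escaped; something like `"removed {$script}"` would read more accurately.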
public function test_page_content_scripts_show_when_configured()
$this->asEditor();
$page = Page::first();
config()->push('app.allow_content_scripts', 'true');
- $script = '<script>console.log("hello-test")</script>';
+
+ $script = 'abc123<script>console.log("hello-test")</script>abc123';
$page->html = "no escape {$script}";
$page->save();
$pageView = $this->get($page->getUrl());
$pageView->assertSee($script);
- $pageView->assertDontSee(htmlentities($script));
+ $pageView->assertDontSee('abc123abc123');
+ }
+
+ public function test_page_inline_on_attributes_show_if_configured()
+ {
+ $this->asEditor();
+ $page = Page::first();
+ config()->push('app.allow_content_scripts', 'true');
+
+ $script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
+ $page->html = "escape {$script}";
+ $page->save();
+
+ $pageView = $this->get($page->getUrl());
+ $pageView->assertSee($script);
+ $pageView->assertDontSee('<p>Hello</p>');
}
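Review bot: The new test at `config()->push('app.allow_content_scripts', 'true');` copies the call from the existing test above it, but `push` appends to an array-valued config entry rather than assigning it. The setting under test therefore becomes an array holding the string 'true', and the test presumably passes only because that value is truthy; how the application reads the setting is not visible here. `config()->set('app.allow_content_scripts', true);` in both tests would exercise the value shape a real deployment supplies, so a later strict comparison in the filter would not silently leave these tests green on the wrong path. The label in `$page->html = "escape {$script}";` should read `"no escape {$script}"` to match the sibling test. The opening of test_page_content_scripts_show_when_configured lies outside the hunk.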
public function test_duplicate_ids_does_not_break_page_render()
$this->asEditor();
$page = Page::first();
- $content = '<p id="bkmrk-test">test a</p>'."\n".'<p id="bkmrk-test">test b</p>';
+ $content = '<ul id="bkmrk-test"><li>test a</li><li><ul id="bkmrk-test"><li>test b</li></ul></li></ul>';
$pageSave = $this->put($page->getUrl(), [
'name' => $page->name,
'html' => $content,