-<?php namespace Tests\Entity;
+<?php
+
+namespace Tests\Entity;
-use BookStack\Entities\Tools\PageContent;
use BookStack\Entities\Models\Page;
+use BookStack\Entities\Tools\PageContent;
use Tests\TestCase;
use Tests\Uploads\UsesImages;
$pageView->assertElementNotContains('.page-content', '<script>');
$pageView->assertElementNotContains('.page-content', '</script>');
}
-
}
public function test_iframe_js_and_base64_urls_are_removed()
'<iframe SRC=" javascript: alert(document.cookie)"></iframe>',
'<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
'<iframe src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
- '<iframe srcdoc="<script>window.alert(document.cookie)</script>"></iframe>'
+ '<iframe srcdoc="<script>window.alert(document.cookie)</script>"></iframe>',
];
$this->asEditor();
$pageView->assertElementNotContains('.page-content', 'data:');
$pageView->assertElementNotContains('.page-content', 'base64');
}
-
}
public function test_javascript_uri_links_are_removed()
{
$checks = [
'<a id="xss" href="javascript:alert(document.cookie)>Click me</a>',
- '<a id="xss" href="javascript: alert(document.cookie)>Click me</a>'
+ '<a id="xss" href="javascript: alert(document.cookie)>Click me</a>',
];
$this->asEditor();
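Review bot: Both `href` payloads in `$checks` of `test_javascript_uri_links_are_removed` open a double quote that is never closed, and the assertion visible just below this hunk looks for the unquoted string `'href=javascript:'`, so the test can pass without proving the sanitiser removed anything. If `assertElementNotContains` matches against serialised HTML (the helper is not shown here), a surviving link would be rendered with a quoted attribute value and would not match the unquoted needle; the `'formaction=javascript:'` check in `test_form_actions_with_javascript_are_removed` has the same shape. I would assert on the scheme alone, `$pageView->assertElementNotContains('.page-content', 'javascript:');`, and put `// unterminated quote is deliberate: exercises parser recovery` above the payloads if the malformed markup is intended, otherwise add a well-formed variant of each. The loop body between `$this->asEditor();` and the assertion is outside the hunk, so other assertions may already cover part of this.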
$pageView->assertElementNotContains('.page-content', 'href=javascript:');
}
}
+
public function test_form_actions_with_javascript_are_removed()
{
$checks = [
'<form><input id="xss" type=submit formaction=javascript:alert(document.domain) value=Submit><input></form>',
'<form ><button id="xss" formaction=javascript:alert(document.domain)>Click me</button></form>',
- '<form id="xss" action=javascript:alert(document.domain)><input type=submit value=Submit></form>'
+ '<form id="xss" action=javascript:alert(document.domain)><input type=submit value=Submit></form>',
];
$this->asEditor();
$pageView->assertElementNotContains('.page-content', 'formaction=javascript:');
}
}
-
+
public function test_metadata_redirects_are_removed()
{
$checks = [
$pageView->assertElementNotContains('.page-content', 'external_url');
}
}
+
public function test_page_inline_on_attributes_removed_by_default()
{
$this->asEditor();
$pageView->assertStatus(200);
$pageView->assertElementNotContains('.page-content', 'onclick');
}
-
}
public function test_page_content_scripts_show_when_configured()
$pageA->html = $content;
$pageA->save();
- $pageB->html = '<ul id="bkmrk-xxx-%28"></ul> <p>{{@'. $pageA->id .'#test}}</p>';
+ $pageB->html = '<ul id="bkmrk-xxx-%28"></ul> <p>{{@' . $pageA->id . '#test}}</p>';
$pageB->save();
$pageView = $this->get($pageB->getUrl());
$content = '<ul id="bkmrk-test"><li>test a</li><li><ul id="bkmrk-test"><li>test b</li></ul></li></ul>';
$pageSave = $this->put($page->getUrl(), [
- 'name' => $page->name,
- 'html' => $content,
- 'summary' => ''
+ 'name' => $page->name,
+ 'html' => $content,
+ 'summary' => '',
]);
$pageSave->assertRedirect();
$updatedPage = Page::query()->where('id', '=', $page->id)->first();
- $this->assertEquals(substr_count($updatedPage->html, "bkmrk-test\""), 1);
+ $this->assertEquals(substr_count($updatedPage->html, 'bkmrk-test"'), 1);
}
public function test_anchors_referencing_non_bkmrk_ids_rewritten_after_save()
$content = '<h1 id="non-standard-id">test</h1><p><a href="#non-standard-id">link</a></p>';
$this->put($page->getUrl(), [
- 'name' => $page->name,
- 'html' => $content,
- 'summary' => ''
+ 'name' => $page->name,
+ 'html' => $content,
+ 'summary' => '',
]);
$updatedPage = Page::query()->where('id', '=', $page->id)->first();
$this->assertCount(3, $navMap);
$this->assertArrayMapIncludes([
'nodeName' => 'h1',
- 'link' => '#testa',
- 'text' => 'Hello',
- 'level' => 1,
+ 'link' => '#testa',
+ 'text' => 'Hello',
+ 'level' => 1,
], $navMap[0]);
$this->assertArrayMapIncludes([
'nodeName' => 'h2',
- 'link' => '#testb',
- 'text' => 'There',
- 'level' => 2,
+ 'link' => '#testb',
+ 'text' => 'There',
+ 'level' => 2,
], $navMap[1]);
$this->assertArrayMapIncludes([
'nodeName' => 'h3',
- 'link' => '#testc',
- 'text' => 'Donkey',
- 'level' => 3,
+ 'link' => '#testc',
+ 'text' => 'Donkey',
+ 'level' => 3,
], $navMap[2]);
}
$this->assertCount(1, $navMap);
$this->assertArrayMapIncludes([
'nodeName' => 'h1',
- 'link' => '#testa',
- 'text' => 'Hello'
+ 'link' => '#testa',
+ 'text' => 'Hello',
], $navMap[0]);
}
$this->assertCount(3, $navMap);
$this->assertArrayMapIncludes([
'nodeName' => 'h4',
- 'level' => 1,
+ 'level' => 1,
], $navMap[0]);
$this->assertArrayMapIncludes([
'nodeName' => 'h5',
- 'level' => 2,
+ 'level' => 2,
], $navMap[1]);
$this->assertArrayMapIncludes([
'nodeName' => 'h6',
- 'level' => 3,
+ 'level' => 3,
], $navMap[2]);
}
| Paragraph | Text |';
$this->put($page->getUrl(), [
'name' => $page->name, 'markdown' => $content,
- 'html' => '', 'summary' => ''
+ 'html' => '', 'summary' => '',
]);
$page->refresh();
- [x] Item b';
$this->put($page->getUrl(), [
'name' => $page->name, 'markdown' => $content,
- 'html' => '', 'summary' => ''
+ 'html' => '', 'summary' => '',
]);
$page->refresh();
$this->assertStringContainsString('type="checkbox"', $page->html);
$pageView = $this->get($page->getUrl());
- $pageView->assertElementExists('.page-content input[type=checkbox]');
+ $pageView->assertElementExists('.page-content li.task-list-item input[type=checkbox]');
+ $pageView->assertElementExists('.page-content li.task-list-item input[type=checkbox][checked=checked]');
}
public function test_page_markdown_strikethrough_rendering()
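Review bot: The added selector `input[type=checkbox][checked=checked]` ties the assertion to one serialisation of a boolean attribute, so a renderer that emits a bare `checked` or `checked=""` would fail the test even though the box is ticked. `$pageView->assertElementExists('.page-content li.task-list-item input[type=checkbox][checked]');` states the intent without depending on the attribute value. The test also only shows that some checked box exists; comparing the number of checked inputs with the markdown (only its last line, `- [x] Item b`, is visible in the hunk) would also catch an unchecked item rendered as checked.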
$content = '~~some crossed out text~~';
$this->put($page->getUrl(), [
'name' => $page->name, 'markdown' => $content,
- 'html' => '', 'summary' => ''
+ 'html' => '', 'summary' => '',
]);
$page->refresh();
$content = '<!-- Test Comment -->';
$this->put($page->getUrl(), [
'name' => $page->name, 'markdown' => $content,
- 'html' => '', 'summary' => ''
+ 'html' => '', 'summary' => '',
]);
$page->refresh();
$this->put($page->getUrl(), [
'name' => $page->name, 'summary' => '',
- 'html' => '<p>test<img src="data:image/jpeg;base64,'.$this->base64Jpeg.'"/></p>',
+ 'html' => '<p>test<img src="data:image/jpeg;base64,' . $this->base64Jpeg . '"/></p>',
]);
$page->refresh();
$base64PngWithoutWhitespace = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQAB';
$this->put($page->getUrl(), [
'name' => $page->name, 'summary' => '',
- 'html' => '<p>test<img src="data:image/png;base64,'.$base64PngWithWhitespace.'"/></p>',
+ 'html' => '<p>test<img src="data:image/png;base64,' . $base64PngWithWhitespace . '"/></p>',
]);
$page->refresh();
$this->put($page->getUrl(), [
'name' => $page->name, 'summary' => '',
- 'html' => '<p>test<img src="data:image/jiff;base64,'.$this->base64Jpeg.'"/></p>',
+ 'html' => '<p>test<img src="data:image/jiff;base64,' . $this->base64Jpeg . '"/></p>',
]);
$page->refresh();