X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/1a32b25b5e85f68730aed95c65f252eb2e724978..refs/pull/767/head:/tests/Entity/PageContentTest.php
diff --git a/tests/Entity/PageContentTest.php b/tests/Entity/PageContentTest.php
index cd6526aec..8b0e180da 100644
--- a/tests/Entity/PageContentTest.php
+++ b/tests/Entity/PageContentTest.php
@@ -9,7 +9,7 @@ class PageContentTest extends TestCase
 public function test_page_includes()
 {
 $page = Page::first();
- $secondPage = Page::all()->get(2);
+ $secondPage = Page::where('id', '!=', $page->id)->first();
 $secondPage->html = "

Hello, This is a test

This is a second block of content

";
 $secondPage->save();
@@ -38,7 +38,7 @@ class PageContentTest extends TestCase
 public function test_saving_page_with_includes()
 {
 $page = Page::first();
- $secondPage = Page::all()->get(2);
+ $secondPage = Page::where('id', '!=', $page->id)->first();
 $this->asEditor();
 $page->html = "
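Review bot: `Page::where('id', '!=', $page->id)->first()` returns null when the seeded data holds no second page, and the `$secondPage->html = ...` assignment that follows would then fail with an error unrelated to the feature under test. `->firstOrFail()` would surface the missing fixture directly. The same lookup is repeated in test_saving_page_with_includes and in the new test_page_includes_do_not_break_tables, so a small private helper on the test class would keep the three in step. The test bodies continue outside these hunks.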

{{@$secondPage->id}}

";
@@ -50,6 +50,23 @@ class PageContentTest extends TestCase
 $this->assertContains("{{@$secondPage->id}}", $page->html);
 }
+ public function test_page_includes_do_not_break_tables()
+ {
+ $page = Page::first();
+ $secondPage = Page::where('id', '!=', $page->id)->first();
+
+ $content = '
test
';
+ $secondPage->html = $content;
+ $secondPage->save();
+
+ $page->html = "{{@{$secondPage->id}#table}}";
+ $page->save();
+
+ $this->asEditor();
+ $pageResp = $this->get($page->getUrl());
+ $pageResp->assertSee($content);
+ }
+
 public function test_page_revision_views_viewable()
 {
 $this->asEditor();
@@ -95,4 +112,31 @@ class PageContentTest extends TestCase
 $pageView->assertSee('def456');
 }
+ public function test_page_content_scripts_escaped_by_default()
+ {
+ $this->asEditor();
+ $page = Page::first();
+ $script = '';
+ $page->html = "escape {$script}";
+ $page->save();
+
+ $pageView = $this->get($page->getUrl());
+ $pageView->assertDontSee($script);
+ $pageView->assertSee(htmlentities($script));
+ }
+ public function test_page_content_scripts_show_when_configured()
+ {
+ $this->asEditor();
+ $page = Page::first();
+ config()->push('app.allow_content_scripts', 'true');
+ $script = '';
+ $page->html = "no escape {$script}";
+ $page->save();
+
+ $pageView = $this->get($page->getUrl());
+ $pageView->assertSee($script);
+ $pageView->assertDontSee(htmlentities($script));
+ }
+
 }
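Review bot: `config()->push('app.allow_content_scripts', 'true')` in test_page_content_scripts_show_when_configured appends the string 'true' as an array element, so the test switches escaping off through a truthy array rather than the boolean the setting presumably takes (the code that reads the flag is outside this diff). `config()->set('app.allow_content_scripts', true);` would pin the real opt-in value. A companion case with the flag explicitly set to `false` would catch a loose truthiness check that disables escaping of stored page content by accident. The `$script` literal shows as empty on this page, most likely stripped in rendering; if it really is empty, the assertSee/assertDontSee pairs in both new tests prove nothing.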