X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/72c8b138e12a0596c56538e4c43e52847bfec2e0..refs/pull/3918/head:/tests/Entity/PageContentTest.php diff --git a/tests/Entity/PageContentTest.php b/tests/Entity/PageContentTest.php index d433c8b88..0c9854206 100644 --- a/tests/Entity/PageContentTest.php +++ b/tests/Entity/PageContentTest.php @@ -15,8 +15,8 @@ class PageContentTest extends TestCase public function test_page_includes() { - $page = Page::query()->first(); - $secondPage = Page::query()->where('id', '!=', $page->id)->first(); + $page = $this->entities->page(); + $secondPage = $this->entities->page(); $secondPage->html = "

Hello, This is a test

This is a second block of content

"; $secondPage->save(); @@ -44,8 +44,8 @@ class PageContentTest extends TestCase public function test_saving_page_with_includes() { - $page = Page::query()->first(); - $secondPage = Page::query()->where('id', '!=', $page->id)->first(); + $page = $this->entities->page(); + $secondPage = $this->entities->page(); $this->asEditor(); $includeTag = '{{@' . $secondPage->id . '}}'; @@ -62,10 +62,8 @@ class PageContentTest extends TestCase public function test_page_includes_do_not_break_tables() { - /** @var Page $page */ - $page = Page::query()->first(); - /** @var Page $secondPage */ - $secondPage = Page::query()->where('id', '!=', $page->id)->first(); + $page = $this->entities->page(); + $secondPage = $this->entities->page(); $content = '
test
'; $secondPage->html = $content; @@ -80,10 +78,8 @@ class PageContentTest extends TestCase public function test_page_includes_do_not_break_code() { - /** @var Page $page */ - $page = Page::query()->first(); - /** @var Page $secondPage */ - $secondPage = Page::query()->where('id', '!=', $page->id)->first(); + $page = $this->entities->page(); + $secondPage = $this->entities->page(); $content = '
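Review bot: `$page` and `$secondPage` now both come from `$this->entities->page()`, so this test only exercises an include between two different pages if that helper never returns the same page twice; the removed query made that explicit with `where('id', '!=', $page->id)`. The helper is not part of this diff, so its behaviour cannot be confirmed from here. The same pairing appears in the `test_page_includes`, `test_saving_page_with_includes` and `test_page_includes_do_not_break_code` hunks. A guard such as `$this->assertNotEquals($page->id, $secondPage->id);` after the two calls, or a comment stating that `page()` returns a distinct page per call, would keep the precondition visible. The test body continues outside the hunk.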
var cat = null;
'; $secondPage->html = $content; @@ -98,7 +94,7 @@ class PageContentTest extends TestCase public function test_page_includes_rendered_on_book_export() { - $page = Page::query()->first(); + $page = $this->entities->page(); $secondPage = Page::query() ->where('book_id', '!=', $page->book_id) ->first(); @@ -118,7 +114,7 @@ class PageContentTest extends TestCase public function test_page_content_scripts_removed_by_default() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $script = 'abc123abc123'; $page->html = "escape {$script}"; $page->save(); @@ -141,7 +137,7 @@ class PageContentTest extends TestCase ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -177,7 +173,7 @@ class PageContentTest extends TestCase ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -206,7 +202,7 @@ class PageContentTest extends TestCase ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -230,7 +226,7 @@ class PageContentTest extends TestCase ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -255,7 +251,7 @@ class PageContentTest extends TestCase ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -273,7 +269,7 @@ class PageContentTest extends TestCase public function test_page_inline_on_attributes_removed_by_default() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $script = '

Hello

'; $page->html = "escape {$script}"; $page->save(); @@ -298,7 +294,7 @@ class PageContentTest extends TestCase ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -313,7 +309,7 @@ class PageContentTest extends TestCase public function test_page_content_scripts_show_when_configured() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); config()->push('app.allow_content_scripts', 'true'); $script = 'abc123abc123'; @@ -325,15 +321,21 @@ class PageContentTest extends TestCase $pageView->assertDontSee('abc123abc123'); } - public function test_svg_xlink_hrefs_are_removed() + public function test_svg_script_usage_is_removed() { $checks = [ '', '', + '', + '', + '', + 'XSS', + 'XSS', + '', ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -341,16 +343,18 @@ class PageContentTest extends TestCase $pageView = $this->get($page->getUrl()); $pageView->assertStatus(200); - $this->withHtml($pageView)->assertElementNotContains('.page-content', 'alert'); - $this->withHtml($pageView)->assertElementNotContains('.page-content', 'xlink:href'); - $this->withHtml($pageView)->assertElementNotContains('.page-content', 'application/xml'); + $html = $this->withHtml($pageView); + $html->assertElementNotContains('.page-content', 'alert'); + $html->assertElementNotContains('.page-content', 'xlink:href'); + $html->assertElementNotContains('.page-content', 'application/xml'); + $html->assertElementNotContains('.page-content', 'javascript'); } } public function test_page_inline_on_attributes_show_if_configured() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); config()->push('app.allow_content_scripts', 'true'); $script = '
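Review bot: The six entries added to `$checks` in `test_svg_script_usage_is_removed` carry no note of which SVG vector each one covers, and because they all run inside one `foreach`, a failing assertion will not say which entry got past the filter. A short comment above each entry naming the vector it exercises would make a sanitiser regression much quicker to triage. Moving the payloads into a data provider with named datasets would also make the failing case show up in the test output. The loop body continues outside this hunk.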

Hello

'; @@ -382,7 +386,7 @@ class PageContentTest extends TestCase public function test_duplicate_ids_fixed_on_page_save() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $content = ''; $pageSave = $this->put($page->getUrl(), [ @@ -399,7 +403,7 @@ class PageContentTest extends TestCase public function test_anchors_referencing_non_bkmrk_ids_rewritten_after_save() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $content = '
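Review bot: Every assertion in this loop is a negative substring check (`alert`, `xlink:href`, `application/xml`, `javascript`), so the test also passes when `.page-content` renders empty or the payload never reaches the renderer, which would hide a broken fixture rather than show the filter worked. If the sanitiser is meant to keep the harmless part of the SVG, a positive check beside them, e.g. `$html->assertElementExists('.page-content svg');`, would separate "dangerous part removed" from "nothing rendered". Whether `assertElementNotContains` compares case-sensitively is not visible here; if it does, the `javascript` check is better made against the parsed attribute values than against raw text.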

test

link

'; $this->put($page->getUrl(), [ @@ -477,7 +481,7 @@ class PageContentTest extends TestCase public function test_page_text_decodes_html_entities() { - $page = Page::query()->first(); + $page = $this->entities->page(); $this->actingAs($this->getAdmin()) ->put($page->getUrl(''), [ @@ -492,7 +496,7 @@ class PageContentTest extends TestCase public function test_page_markdown_table_rendering() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $content = '| Syntax | Description | | ----------- | ----------- | @@ -513,7 +517,7 @@ class PageContentTest extends TestCase public function test_page_markdown_task_list_rendering() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $content = '- [ ] Item a - [x] Item b'; @@ -534,7 +538,7 @@ class PageContentTest extends TestCase public function test_page_markdown_strikethrough_rendering() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $content = '~~some crossed out text~~'; $this->put($page->getUrl(), [ @@ -552,7 +556,7 @@ class PageContentTest extends TestCase public function test_page_markdown_single_html_comment_saving() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $content = ''; $this->put($page->getUrl(), [ @@ -571,7 +575,7 @@ class PageContentTest extends TestCase public function test_base64_images_get_extracted_from_page_content() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $this->put($page->getUrl(), [ 'name' => $page->name, 'summary' => '', 
@@ -593,7 +597,7 @@ class PageContentTest extends TestCase public function test_base64_images_get_extracted_when_containing_whitespace() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $base64PngWithWhitespace = "iVBORw0KGg\noAAAANSUhE\tUgAAAAEAAAA BCA YAAAAfFcSJAAA\n\t ACklEQVR4nGMAAQAABQAB"; $base64PngWithoutWhitespace = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQAB'; @@ -624,7 +628,7 @@ class PageContentTest extends TestCase foreach ($extensions as $extension) { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $this->put($page->getUrl(), [ 'name' => $page->name, 'summary' => '', @@ -639,7 +643,7 @@ class PageContentTest extends TestCase public function test_base64_images_get_extracted_from_markdown_page_content() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $this->put($page->getUrl(), [ 'name' => $page->name, 'summary' => '', @@ -664,7 +668,7 @@ class PageContentTest extends TestCase $pcreRecursionLimit = ini_get('pcre.recursion_limit'); $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); ini_set('pcre.backtrack_limit', '500'); ini_set('pcre.recursion_limit', '500'); @@ -693,7 +697,7 @@ class PageContentTest extends TestCase public function test_base64_images_within_markdown_blanked_if_not_supported_extension_for_extract() { - $page = Page::query()->first(); + $page = $this->entities->page(); $this->asEditor()->put($page->getUrl(), [ 'name' => $page->name, 'summary' => '', @@ -705,7 +709,7 @@ class PageContentTest extends TestCase public function test_nested_headers_gets_assigned_an_id() { - $page = Page::query()->first(); + $page = $this->entities->page(); $content = '
Simple Test
'; $this->asEditor()->put($page->getUrl(), [ @@ -721,8 +725,7 @@ class PageContentTest extends TestCase public function test_non_breaking_spaces_are_preserved() { - /** @var Page $page */ - $page = Page::query()->first(); + $page = $this->entities->page(); $content = '

 

'; $this->asEditor()->put($page->getUrl(), [