X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/b3d4c199aefd6066c444898eada3c8bb43dc5cb5..refs/pull/767/head:/tests/Entity/PageContentTest.php
diff --git a/tests/Entity/PageContentTest.php b/tests/Entity/PageContentTest.php
index 6b64c2c64..8b0e180da 100644
--- a/tests/Entity/PageContentTest.php
+++ b/tests/Entity/PageContentTest.php
@@ -9,7 +9,7 @@ class PageContentTest extends TestCase
 public function test_page_includes()
 {
 $page = Page::first();
- $secondPage = Page::all()->get(2);
+ $secondPage = Page::where('id', '!=', $page->id)->first();
 $secondPage->html = "

Hello, This is a test

This is a second block of content

";
 $secondPage->save();
@@ -35,6 +35,38 @@ class PageContentTest extends TestCase
 $pageContent->assertSee('Well This is a second block of content');
 }
+ public function test_saving_page_with_includes()
+ {
+ $page = Page::first();
+ $secondPage = Page::where('id', '!=', $page->id)->first();
+ $this->asEditor();
+ $page->html = "

{{@$secondPage->id}}

";
+
+ $resp = $this->put($page->getUrl(), ['name' => $page->name, 'html' => $page->html, 'summary' => '']);
+
+ $resp->assertStatus(302);
+
+ $page = Page::find($page->id);
+ $this->assertContains("{{@$secondPage->id}}", $page->html);
+ }
+
+ public function test_page_includes_do_not_break_tables()
+ {
+ $page = Page::first();
+ $secondPage = Page::where('id', '!=', $page->id)->first();
+
+ $content = '
test
';
+ $secondPage->html = $content;
+ $secondPage->save();
+
+ $page->html = "{{@{$secondPage->id}#table}}";
+ $page->save();
+
+ $this->asEditor();
+ $pageResp = $this->get($page->getUrl());
+ $pageResp->assertSee($content);
+ }
+
+ public function test_page_revision_views_viewable()
 {
 $this->asEditor();
@@ -80,4 +112,31 @@ class PageContentTest extends TestCase
 $pageView->assertSee('def456');
 }
+ public function test_page_content_scripts_escaped_by_default()
+ {
+ $this->asEditor();
+ $page = Page::first();
+ $script = '';
+ $page->html = "escape {$script}";
+ $page->save();
+
+ $pageView = $this->get($page->getUrl());
+ $pageView->assertDontSee($script);
+ $pageView->assertSee(htmlentities($script));
+ }
+
+ public function test_page_content_scripts_show_when_configured()
+ {
+ $this->asEditor();
+ $page = Page::first();
+ config()->push('app.allow_content_scripts', 'true');
+ $script = '';
+ $page->html = "no escape {$script}";
+ $page->save();
+
+ $pageView = $this->get($page->getUrl());
+ $pageView->assertSee($script);
+ $pageView->assertDontSee(htmlentities($script));
+ }
+
 }
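Review bot: Both added include tests (`test_saving_page_with_includes` and `test_page_includes_do_not_break_tables`) act only as an editor who can read the included page, so nothing here pins what the include tag renders when the viewer has no access to `$secondPage`. Whether the include resolver applies view permissions is not visible in this diff; if it does, a further test that restricts `$secondPage`, views `$page` as a user without access and asserts the included text is absent would lock that behaviour in. Separately, `"{{@$secondPage->id}}"` relies on simple interpolation between literal braces while the table test writes `{$secondPage->id}`; using `"{{@{$secondPage->id}}}"` in both tests reads less ambiguously. The class body and the test that follows continue outside the hunk.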
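Review bot: `config()->push('app.allow_content_scripts', 'true')` in `test_page_content_scripts_show_when_configured` appends to the option instead of assigning it; Laravel's config `push` reads the current value as an array and adds an element, so the setting most likely ends up as an array holding `'true'` rather than the value an operator would configure. The test therefore only shows that some truthy value turns escaping off, and it could pass or fail for the wrong reason if the code that reads this option (outside this diff) compared more strictly. `config()->set('app.allow_content_scripts', 'true');` states the intended value directly. A one-line comment on each of the two script tests, saying that escaping is the default and the option is an explicit opt-in to unescaped scripts, would help, since this pair is what guards the safe default for stored page content. The `$script` literals show as empty on this page, presumably because the markup was lost in rendering, so the payload itself was not reviewed.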