]> BookStack Code Mirror - bookstack/blob - tests/Entity/PageContentTest.php
projects / bookstack / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #3986 from BookStackApp/permission_testing
[bookstack] / tests / Entity / PageContentTest.php
1 <?php
2
3 namespace Tests\Entity;
4
5 use BookStack\Entities\Models\Page;
6 use BookStack\Entities\Tools\PageContent;
7 use Tests\TestCase;
8 use Tests\Uploads\UsesImages;
9
10 class PageContentTest extends TestCase
11 {
12     use UsesImages;
13
14     protected $base64Jpeg = '/9j/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8QEBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k=';
15
16     public function test_page_includes()
17     {
18         $page = $this->entities->page();
19         $secondPage = $this->entities->page();
20
21         $secondPage->html = "<p id='section1'>Hello, This is a test</p><p id='section2'>This is a second block of content</p>";
22         $secondPage->save();
23
24         $this->asEditor();
25
26         $pageContent = $this->get($page->getUrl());
27         $pageContent->assertDontSee('Hello, This is a test');
28
29         $originalHtml = $page->html;
30         $page->html .= "{{@{$secondPage->id}}}";
31         $page->save();
32
33         $pageContent = $this->get($page->getUrl());
34         $pageContent->assertSee('Hello, This is a test');
35         $pageContent->assertSee('This is a second block of content');
36
37         $page->html = $originalHtml . " Well {{@{$secondPage->id}#section2}}";
38         $page->save();
39
40         $pageContent = $this->get($page->getUrl());
41         $pageContent->assertDontSee('Hello, This is a test');
42         $pageContent->assertSee('Well This is a second block of content');
43     }
44
45     public function test_saving_page_with_includes()
46     {
47         $page = $this->entities->page();
48         $secondPage = $this->entities->page();
49
50         $this->asEditor();
51         $includeTag = '{{@' . $secondPage->id . '}}';
52         $page->html = '<p>' . $includeTag . '</p>';
53
54         $resp = $this->put($page->getUrl(), ['name' => $page->name, 'html' => $page->html, 'summary' => '']);
55
56         $resp->assertStatus(302);
57
58         $page = Page::find($page->id);
59         $this->assertStringContainsString($includeTag, $page->html);
60         $this->assertEquals('', $page->text);
61     }
62
63     public function test_page_includes_do_not_break_tables()
64     {
65         $page = $this->entities->page();
66         $secondPage = $this->entities->page();
67
68         $content = '<table id="table"><tbody><tr><td>test</td></tr></tbody></table>';
69         $secondPage->html = $content;
70         $secondPage->save();
71
72         $page->html = "{{@{$secondPage->id}#table}}";
73         $page->save();
74
75         $pageResp = $this->asEditor()->get($page->getUrl());
76         $pageResp->assertSee($content, false);
77     }
78
79     public function test_page_includes_do_not_break_code()
80     {
81         $page = $this->entities->page();
82         $secondPage = $this->entities->page();
83
84         $content = '<pre id="bkmrk-code"><code>var cat = null;</code></pre>';
85         $secondPage->html = $content;
86         $secondPage->save();
87
88         $page->html = "{{@{$secondPage->id}#bkmrk-code}}";
89         $page->save();
90
91         $pageResp = $this->asEditor()->get($page->getUrl());
92         $pageResp->assertSee($content, false);
93     }
94
95     public function test_page_includes_rendered_on_book_export()
96     {
97         $page = $this->entities->page();
98         $secondPage = Page::query()
99             ->where('book_id', '!=', $page->book_id)
100             ->first();
101
102         $content = '<p id="bkmrk-meow">my cat is awesome and scratchy</p>';
103         $secondPage->html = $content;
104         $secondPage->save();
105
106         $page->html = "{{@{$secondPage->id}#bkmrk-meow}}";
107         $page->save();
108
109         $this->asEditor();
110         $htmlContent = $this->get($page->book->getUrl('/export/html'));
111         $htmlContent->assertSee('my cat is awesome and scratchy');
112     }
113
114     public function test_page_content_scripts_removed_by_default()
115     {
116         $this->asEditor();
117         $page = $this->entities->page();
118         $script = 'abc123<script>console.log("hello-test")</script>abc123';
119         $page->html = "escape {$script}";
120         $page->save();
121
122         $pageView = $this->get($page->getUrl());
123         $pageView->assertStatus(200);
124         $pageView->assertDontSee($script, false);
125         $pageView->assertSee('abc123abc123');
126     }
127
128     public function test_more_complex_content_script_escaping_scenarios()
129     {
130         $checks = [
131             "<p>Some script</p><script>alert('cat')</script>",
132             "<div><div><div><div><p>Some script</p><script>alert('cat')</script></div></div></div></div>",
133             "<p>Some script<script>alert('cat')</script></p>",
134             "<p>Some script <div><script>alert('cat')</script></div></p>",
135             "<p>Some script <script><div>alert('cat')</script></div></p>",
136             "<p>Some script <script><div>alert('cat')</script><script><div>alert('cat')</script></p><script><div>alert('cat')</script>",
137         ];
138
139         $this->asEditor();
140         $page = $this->entities->page();
141
142         foreach ($checks as $check) {
143             $page->html = $check;
144             $page->save();
145
146             $pageView = $this->get($page->getUrl());
147             $pageView->assertStatus(200);
148             $this->withHtml($pageView)->assertElementNotContains('.page-content', '<script>');
149             $this->withHtml($pageView)->assertElementNotContains('.page-content', '</script>');
150         }
151     }
152
153     public function test_js_and_base64_src_urls_are_removed()
154     {
155         $checks = [
156             '<iframe src="javascript:alert(document.cookie)"></iframe>',
157             '<iframe src="JavAScRipT:alert(document.cookie)"></iframe>',
158             '<iframe src="JavAScRipT:alert(document.cookie)"></iframe>',
159             '<iframe SRC=" javascript: alert(document.cookie)"></iframe>',
160             '<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
161             '<iframe src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
162             '<iframe src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',
163             '<img src="javascript:alert(document.cookie)"/>',
164             '<img src="JavAScRipT:alert(document.cookie)"/>',
165             '<img src="JavAScRipT:alert(document.cookie)"/>',
166             '<img SRC=" javascript: alert(document.cookie)"/>',
167             '<img src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
168             '<img src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
169             '<img src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',
170             '<iframe srcdoc="<script>window.alert(document.cookie)</script>"></iframe>',
171             '<iframe SRCdoc="<script>window.alert(document.cookie)</script>"></iframe>',
172             '<IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`>',
173         ];
174
175         $this->asEditor();
176         $page = $this->entities->page();
177
178         foreach ($checks as $check) {
179             $page->html = $check;
180             $page->save();
181
182             $pageView = $this->get($page->getUrl());
183             $pageView->assertStatus(200);
184             $html = $this->withHtml($pageView);
185             $html->assertElementNotContains('.page-content', '<iframe>');
186             $html->assertElementNotContains('.page-content', '<img');
187             $html->assertElementNotContains('.page-content', '</iframe>');
188             $html->assertElementNotContains('.page-content', 'src=');
189             $html->assertElementNotContains('.page-content', 'javascript:');
190             $html->assertElementNotContains('.page-content', 'data:');
191             $html->assertElementNotContains('.page-content', 'base64');
192         }
193     }
194
195     public function test_javascript_uri_links_are_removed()
196     {
197         $checks = [
198             '<a id="xss" href="javascript:alert(document.cookie)>Click me</a>',
199             '<a id="xss" href="javascript: alert(document.cookie)>Click me</a>',
200             '<a id="xss" href="JaVaScRiPt: alert(document.cookie)>Click me</a>',
201             '<a id="xss" href=" JaVaScRiPt: alert(document.cookie)>Click me</a>',
202         ];
203
204         $this->asEditor();
205         $page = $this->entities->page();
206
207         foreach ($checks as $check) {
208             $page->html = $check;
209             $page->save();
210
211             $pageView = $this->get($page->getUrl());
212             $pageView->assertStatus(200);
213             $this->withHtml($pageView)->assertElementNotContains('.page-content', '<a id="xss"');
214             $this->withHtml($pageView)->assertElementNotContains('.page-content', 'href=javascript:');
215         }
216     }
217
218     public function test_form_actions_with_javascript_are_removed()
219     {
220         $checks = [
221             '<form><input id="xss" type=submit formaction=javascript:alert(document.domain) value=Submit><input></form>',
222             '<form ><button id="xss" formaction="JaVaScRiPt:alert(document.domain)">Click me</button></form>',
223             '<form ><button id="xss" formaction=javascript:alert(document.domain)>Click me</button></form>',
224             '<form id="xss" action=javascript:alert(document.domain)><input type=submit value=Submit></form>',
225             '<form id="xss" action="JaVaScRiPt:alert(document.domain)"><input type=submit value=Submit></form>',
226         ];
227
228         $this->asEditor();
229         $page = $this->entities->page();
230
231         foreach ($checks as $check) {
232             $page->html = $check;
233             $page->save();
234
235             $pageView = $this->get($page->getUrl());
236             $pageView->assertStatus(200);
237             $this->withHtml($pageView)->assertElementNotContains('.page-content', '<button id="xss"');
238             $this->withHtml($pageView)->assertElementNotContains('.page-content', '<input id="xss"');
239             $this->withHtml($pageView)->assertElementNotContains('.page-content', '<form id="xss"');
240             $this->withHtml($pageView)->assertElementNotContains('.page-content', 'action=javascript:');
241             $this->withHtml($pageView)->assertElementNotContains('.page-content', 'formaction=javascript:');
242         }
243     }
244
245     public function test_metadata_redirects_are_removed()
246     {
247         $checks = [
248             '<meta http-equiv="refresh" content="0; url=//external_url">',
249             '<meta http-equiv="refresh" ConTeNt="0; url=//external_url">',
250             '<meta http-equiv="refresh" content="0; UrL=//external_url">',
251         ];
252
253         $this->asEditor();
254         $page = $this->entities->page();
255
256         foreach ($checks as $check) {
257             $page->html = $check;
258             $page->save();
259
260             $pageView = $this->get($page->getUrl());
261             $pageView->assertStatus(200);
262             $this->withHtml($pageView)->assertElementNotContains('.page-content', '<meta>');
263             $this->withHtml($pageView)->assertElementNotContains('.page-content', '</meta>');
264             $this->withHtml($pageView)->assertElementNotContains('.page-content', 'content=');
265             $this->withHtml($pageView)->assertElementNotContains('.page-content', 'external_url');
266         }
267     }
268
269     public function test_page_inline_on_attributes_removed_by_default()
270     {
271         $this->asEditor();
272         $page = $this->entities->page();
273         $script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
274         $page->html = "escape {$script}";
275         $page->save();
276
277         $pageView = $this->get($page->getUrl());
278         $pageView->assertStatus(200);
279         $pageView->assertDontSee($script, false);
280         $pageView->assertSee('<p>Hello</p>', false);
281     }
282
283     public function test_more_complex_inline_on_attributes_escaping_scenarios()
284     {
285         $checks = [
286             '<p onclick="console.log(\'test\')">Hello</p>',
287             '<p OnCliCk="console.log(\'test\')">Hello</p>',
288             '<div>Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p>',
289             '<div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div>',
290             '<div><div><div><div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div></div></div></div>',
291             '<div onclick="console.log(\'test\')">Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p><div></div>',
292             '<a a="<img src=1 onerror=\'alert(1)\'> ',
293             '\<a onclick="alert(document.cookie)"\>xss link\</a\>',
294         ];
295
296         $this->asEditor();
297         $page = $this->entities->page();
298
299         foreach ($checks as $check) {
300             $page->html = $check;
301             $page->save();
302
303             $pageView = $this->get($page->getUrl());
304             $pageView->assertStatus(200);
305             $this->withHtml($pageView)->assertElementNotContains('.page-content', 'onclick');
306         }
307     }
308
309     public function test_page_content_scripts_show_when_configured()
310     {
311         $this->asEditor();
312         $page = $this->entities->page();
313         config()->set('app.allow_content_scripts', 'true');
314
315         $script = 'abc123<script>console.log("hello-test")</script>abc123';
316         $page->html = "no escape {$script}";
317         $page->save();
318
319         $pageView = $this->get($page->getUrl());
320         $pageView->assertSee($script, false);
321         $pageView->assertDontSee('abc123abc123');
322     }
323
324     public function test_svg_script_usage_is_removed()
325     {
326         $checks = [
327             '<svg id="test" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100" height="100"><a xlink:href="javascript:alert(document.domain)"><rect x="0" y="0" width="100" height="100" /></a></svg>',
328             '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><use xlink:href="data:application/xml;base64 ,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjAiIGN4PSIwIiBjeT0iMCIgc3R5bGU9ImZpbGw6ICNGMDAiPgo8c2V0IGF0dHJpYnV0ZU5hbWU9ImZpbGwiIGF0dHJpYnV0ZVR5cGU9IkNTUyIgb25iZWdpbj0nYWxlcnQoZG9jdW1lbnQuZG9tYWluKScKb25lbmQ9J2FsZXJ0KCJvbmVuZCIpJyB0bz0iIzAwRiIgYmVnaW49IjBzIiBkdXI9Ijk5OXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test"/></svg>',
329             '<svg><animate href=#xss attributeName=href values=javascript:alert(1) /></svg>',
330             '<svg><animate href="#xss" attributeName="href" values="a;javascript:alert(1)" /></svg>',
331             '<svg><animate href="#xss" attributeName="href" values="a;data:alert(1)" /></svg>',
332             '<svg><animate href=#xss attributeName=href from=javascript:alert(1) to=1 /><a id=xss><text x=20 y=20>XSS</text></a>',
333             '<svg><set href=#xss attributeName=href from=? to=javascript:alert(1) /><a id=xss><text x=20 y=20>XSS</text></a>',
334             '<svg><g><g><g><animate href=#xss attributeName=href values=javascript:alert(1) /></g></g></g></svg>',
335         ];
336
337         $this->asEditor();
338         $page = $this->entities->page();
339
340         foreach ($checks as $check) {
341             $page->html = $check;
342             $page->save();
343
344             $pageView = $this->get($page->getUrl());
345             $pageView->assertStatus(200);
346             $html = $this->withHtml($pageView);
347             $html->assertElementNotContains('.page-content', 'alert');
348             $html->assertElementNotContains('.page-content', 'xlink:href');
349             $html->assertElementNotContains('.page-content', 'application/xml');
350             $html->assertElementNotContains('.page-content', 'javascript');
351         }
352     }
353
354     public function test_page_inline_on_attributes_show_if_configured()
355     {
356         $this->asEditor();
357         $page = $this->entities->page();
358         config()->set('app.allow_content_scripts', 'true');
359
360         $script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
361         $page->html = "escape {$script}";
362         $page->save();
363
364         $pageView = $this->get($page->getUrl());
365         $pageView->assertSee($script, false);
366         $pageView->assertDontSee('<p>Hello</p>', false);
367     }
368
369     public function test_duplicate_ids_does_not_break_page_render()
370     {
371         $this->asEditor();
372         $pageA = Page::query()->first();
373         $pageB = Page::query()->where('id', '!=', $pageA->id)->first();
374
375         $content = '<ul id="bkmrk-xxx-%28"></ul> <ul id="bkmrk-xxx-%28"></ul>';
376         $pageA->html = $content;
377         $pageA->save();
378
379         $pageB->html = '<ul id="bkmrk-xxx-%28"></ul> <p>{{@' . $pageA->id . '#test}}</p>';
380         $pageB->save();
381
382         $pageView = $this->get($pageB->getUrl());
383         $pageView->assertSuccessful();
384     }
385
386     public function test_duplicate_ids_fixed_on_page_save()
387     {
388         $this->asEditor();
389         $page = $this->entities->page();
390
391         $content = '<ul id="bkmrk-test"><li>test a</li><li><ul id="bkmrk-test"><li>test b</li></ul></li></ul>';
392         $pageSave = $this->put($page->getUrl(), [
393             'name'    => $page->name,
394             'html'    => $content,
395             'summary' => '',
396         ]);
397         $pageSave->assertRedirect();
398
399         $updatedPage = Page::query()->where('id', '=', $page->id)->first();
400         $this->assertEquals(substr_count($updatedPage->html, 'bkmrk-test"'), 1);
401     }
402
403     public function test_anchors_referencing_non_bkmrk_ids_rewritten_after_save()
404     {
405         $this->asEditor();
406         $page = $this->entities->page();
407
408         $content = '<h1 id="non-standard-id">test</h1><p><a href="#non-standard-id">link</a></p>';
409         $this->put($page->getUrl(), [
410             'name'    => $page->name,
411             'html'    => $content,
412             'summary' => '',
413         ]);
414
415         $updatedPage = Page::query()->where('id', '=', $page->id)->first();
416         $this->assertStringContainsString('id="bkmrk-test"', $updatedPage->html);
417         $this->assertStringContainsString('href="#bkmrk-test"', $updatedPage->html);
418     }
419
420     public function test_get_page_nav_sets_correct_properties()
421     {
422         $content = '<h1 id="testa">Hello</h1><h2 id="testb">There</h2><h3 id="testc">Donkey</h3>';
423         $pageContent = new PageContent(new Page(['html' => $content]));
424         $navMap = $pageContent->getNavigation($content);
425
426         $this->assertCount(3, $navMap);
427         $this->assertArrayMapIncludes([
428             'nodeName' => 'h1',
429             'link'     => '#testa',
430             'text'     => 'Hello',
431             'level'    => 1,
432         ], $navMap[0]);
433         $this->assertArrayMapIncludes([
434             'nodeName' => 'h2',
435             'link'     => '#testb',
436             'text'     => 'There',
437             'level'    => 2,
438         ], $navMap[1]);
439         $this->assertArrayMapIncludes([
440             'nodeName' => 'h3',
441             'link'     => '#testc',
442             'text'     => 'Donkey',
443             'level'    => 3,
444         ], $navMap[2]);
445     }
446
447     public function test_get_page_nav_does_not_show_empty_titles()
448     {
449         $content = '<h1 id="testa">Hello</h1><h2 id="testb">&nbsp;</h2><h3 id="testc"></h3>';
450         $pageContent = new PageContent(new Page(['html' => $content]));
451         $navMap = $pageContent->getNavigation($content);
452
453         $this->assertCount(1, $navMap);
454         $this->assertArrayMapIncludes([
455             'nodeName' => 'h1',
456             'link'     => '#testa',
457             'text'     => 'Hello',
458         ], $navMap[0]);
459     }
460
461     public function test_get_page_nav_shifts_headers_if_only_smaller_ones_are_used()
462     {
463         $content = '<h4 id="testa">Hello</h4><h5 id="testb">There</h5><h6 id="testc">Donkey</h6>';
464         $pageContent = new PageContent(new Page(['html' => $content]));
465         $navMap = $pageContent->getNavigation($content);
466
467         $this->assertCount(3, $navMap);
468         $this->assertArrayMapIncludes([
469             'nodeName' => 'h4',
470             'level'    => 1,
471         ], $navMap[0]);
472         $this->assertArrayMapIncludes([
473             'nodeName' => 'h5',
474             'level'    => 2,
475         ], $navMap[1]);
476         $this->assertArrayMapIncludes([
477             'nodeName' => 'h6',
478             'level'    => 3,
479         ], $navMap[2]);
480     }
481
482     public function test_page_text_decodes_html_entities()
483     {
484         $page = $this->entities->page();
485
486         $this->actingAs($this->users->admin())
487             ->put($page->getUrl(''), [
488                 'name' => 'Testing',
489                 'html' => '<p>&quot;Hello &amp; welcome&quot;</p>',
490             ]);
491
492         $page->refresh();
493         $this->assertEquals('"Hello & welcome"', $page->text);
494     }
495
496     public function test_page_markdown_table_rendering()
497     {
498         $this->asEditor();
499         $page = $this->entities->page();
500
501         $content = '| Syntax      | Description |
502 | ----------- | ----------- |
503 | Header      | Title       |
504 | Paragraph   | Text        |';
505         $this->put($page->getUrl(), [
506             'name' => $page->name,  'markdown' => $content,
507             'html' => '', 'summary' => '',
508         ]);
509
510         $page->refresh();
511         $this->assertStringContainsString('</tbody>', $page->html);
512
513         $pageView = $this->get($page->getUrl());
514         $this->withHtml($pageView)->assertElementExists('.page-content table tbody td');
515     }
516
517     public function test_page_markdown_task_list_rendering()
518     {
519         $this->asEditor();
520         $page = $this->entities->page();
521
522         $content = '- [ ] Item a
523 - [x] Item b';
524         $this->put($page->getUrl(), [
525             'name' => $page->name,  'markdown' => $content,
526             'html' => '', 'summary' => '',
527         ]);
528
529         $page->refresh();
530         $this->assertStringContainsString('input', $page->html);
531         $this->assertStringContainsString('type="checkbox"', $page->html);
532
533         $pageView = $this->get($page->getUrl());
534         $this->withHtml($pageView)->assertElementExists('.page-content li.task-list-item input[type=checkbox]');
535         $this->withHtml($pageView)->assertElementExists('.page-content li.task-list-item input[type=checkbox][checked]');
536     }
537
538     public function test_page_markdown_strikethrough_rendering()
539     {
540         $this->asEditor();
541         $page = $this->entities->page();
542
543         $content = '~~some crossed out text~~';
544         $this->put($page->getUrl(), [
545             'name' => $page->name,  'markdown' => $content,
546             'html' => '', 'summary' => '',
547         ]);
548
549         $page->refresh();
550         $this->assertStringMatchesFormat('%A<s%A>some crossed out text</s>%A', $page->html);
551
552         $pageView = $this->get($page->getUrl());
553         $this->withHtml($pageView)->assertElementExists('.page-content p > s');
554     }
555
556     public function test_page_markdown_single_html_comment_saving()
557     {
558         $this->asEditor();
559         $page = $this->entities->page();
560
561         $content = '<!-- Test Comment -->';
562         $this->put($page->getUrl(), [
563             'name' => $page->name,  'markdown' => $content,
564             'html' => '', 'summary' => '',
565         ]);
566
567         $page->refresh();
568         $this->assertStringMatchesFormat($content, $page->html);
569
570         $pageView = $this->get($page->getUrl());
571         $pageView->assertStatus(200);
572         $pageView->assertSee($content, false);
573     }
574
575     public function test_base64_images_get_extracted_from_page_content()
576     {
577         $this->asEditor();
578         $page = $this->entities->page();
579
580         $this->put($page->getUrl(), [
581             'name' => $page->name, 'summary' => '',
582             'html' => '<p>test<img src="data:image/jpeg;base64,' . $this->base64Jpeg . '"/></p>',
583         ]);
584
585         $page->refresh();
586         $this->assertStringMatchesFormat('%A<p%A>test<img src="http://localhost/uploads/images/gallery/%A.jpeg">%A</p>%A', $page->html);
587
588         $matches = [];
589         preg_match('/src="https:\/\/p.rizon.top:443\/http\/localhost(.*?)"/', $page->html, $matches);
590         $imagePath = $matches[1];
591         $imageFile = public_path($imagePath);
592         $this->assertEquals(base64_decode($this->base64Jpeg), file_get_contents($imageFile));
593
594         $this->deleteImage($imagePath);
595     }
596
597     public function test_base64_images_get_extracted_when_containing_whitespace()
598     {
599         $this->asEditor();
600         $page = $this->entities->page();
601
602         $base64PngWithWhitespace = "iVBORw0KGg\noAAAANSUhE\tUgAAAAEAAAA BCA   YAAAAfFcSJAAA\n\t ACklEQVR4nGMAAQAABQAB";
603         $base64PngWithoutWhitespace = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQAB';
604         $this->put($page->getUrl(), [
605             'name' => $page->name, 'summary' => '',
606             'html' => '<p>test<img src="data:image/png;base64,' . $base64PngWithWhitespace . '"/></p>',
607         ]);
608
609         $page->refresh();
610         $this->assertStringMatchesFormat('%A<p%A>test<img src="http://localhost/uploads/images/gallery/%A.png">%A</p>%A', $page->html);
611
612         $matches = [];
613         preg_match('/src="https:\/\/p.rizon.top:443\/http\/localhost(.*?)"/', $page->html, $matches);
614         $imagePath = $matches[1];
615         $imageFile = public_path($imagePath);
616         $this->assertEquals(base64_decode($base64PngWithoutWhitespace), file_get_contents($imageFile));
617
618         $this->deleteImage($imagePath);
619     }
620
621     public function test_base64_images_within_html_blanked_if_not_supported_extension_for_extract()
622     {
623         // Relevant to https://github.com/BookStackApp/BookStack/issues/3010 and other cases
624         $extensions = [
625             'jiff', 'pngr', 'png ', ' png', '.png', 'png.', 'p.ng', ',png',
626             'data:image/png', ',data:image/png',
627         ];
628
629         foreach ($extensions as $extension) {
630             $this->asEditor();
631             $page = $this->entities->page();
632
633             $this->put($page->getUrl(), [
634                 'name' => $page->name, 'summary' => '',
635                 'html' => '<p>test<img src="data:image/' . $extension . ';base64,' . $this->base64Jpeg . '"/></p>',
636             ]);
637
638             $page->refresh();
639             $this->assertStringContainsString('<img src=""', $page->html);
640         }
641     }
642
643     public function test_base64_images_get_extracted_from_markdown_page_content()
644     {
645         $this->asEditor();
646         $page = $this->entities->page();
647
648         $this->put($page->getUrl(), [
649             'name'     => $page->name, 'summary' => '',
650             'markdown' => 'test ![test](data:image/jpeg;base64,' . $this->base64Jpeg . ')',
651         ]);
652
653         $page->refresh();
654         $this->assertStringMatchesFormat('%A<p%A>test <img src="http://localhost/uploads/images/gallery/%A.jpeg" alt="test">%A</p>%A', $page->html);
655
656         $matches = [];
657         preg_match('/src="https:\/\/p.rizon.top:443\/http\/localhost(.*?)"/', $page->html, $matches);
658         $imagePath = $matches[1];
659         $imageFile = public_path($imagePath);
660         $this->assertEquals(base64_decode($this->base64Jpeg), file_get_contents($imageFile));
661
662         $this->deleteImage($imagePath);
663     }
664
665     public function test_markdown_base64_extract_not_limited_by_pcre_limits()
666     {
667         $pcreBacktrackLimit = ini_get('pcre.backtrack_limit');
668         $pcreRecursionLimit = ini_get('pcre.recursion_limit');
669
670         $this->asEditor();
671         $page = $this->entities->page();
672
673         ini_set('pcre.backtrack_limit', '500');
674         ini_set('pcre.recursion_limit', '500');
675
676         $content = str_repeat('a', 5000);
677         $base64Content = base64_encode($content);
678
679         $this->put($page->getUrl(), [
680             'name'     => $page->name, 'summary' => '',
681             'markdown' => 'test ![test](data:image/jpeg;base64,' . $base64Content . ') ![test](data:image/jpeg;base64,' . $base64Content . ')',
682         ]);
683
684         $page->refresh();
685         $this->assertStringMatchesFormat('<p%A>test <img src="http://localhost/uploads/images/gallery/%A.jpeg" alt="test"> <img src="http://localhost/uploads/images/gallery/%A.jpeg" alt="test">%A</p>%A', $page->html);
686
687         $matches = [];
688         preg_match('/src="https:\/\/p.rizon.top:443\/http\/localhost(.*?)"/', $page->html, $matches);
689         $imagePath = $matches[1];
690         $imageFile = public_path($imagePath);
691         $this->assertEquals($content, file_get_contents($imageFile));
692
693         $this->deleteImage($imagePath);
694         ini_set('pcre.backtrack_limit', $pcreBacktrackLimit);
695         ini_set('pcre.recursion_limit', $pcreRecursionLimit);
696     }
697
698     public function test_base64_images_within_markdown_blanked_if_not_supported_extension_for_extract()
699     {
700         $page = $this->entities->page();
701
702         $this->asEditor()->put($page->getUrl(), [
703             'name'     => $page->name, 'summary' => '',
704             'markdown' => 'test ![test](data:image/jiff;base64,' . $this->base64Jpeg . ')',
705         ]);
706
707         $this->assertStringContainsString('<img src=""', $page->refresh()->html);
708     }
709
710     public function test_nested_headers_gets_assigned_an_id()
711     {
712         $page = $this->entities->page();
713
714         $content = '<table><tbody><tr><td><h5>Simple Test</h5></td></tr></tbody></table>';
715         $this->asEditor()->put($page->getUrl(), [
716             'name'    => $page->name,
717             'html'    => $content,
718         ]);
719
720         // The top level <table> node will get assign the bkmrk-simple-test id because the system will
721         // take the node value of h5
722         // So the h5 should get the bkmrk-simple-test-1 id
723         $this->assertStringContainsString('<h5 id="bkmrk-simple-test-1">Simple Test</h5>', $page->refresh()->html);
724     }
725
726     public function test_non_breaking_spaces_are_preserved()
727     {
728         $page = $this->entities->page();
729
730         $content = '<p>&nbsp;</p>';
731         $this->asEditor()->put($page->getUrl(), [
732             'name'    => $page->name,
733             'html'    => $content,
734         ]);
735
736         $this->assertStringContainsString('<p id="bkmrk-%C2%A0">&nbsp;</p>', $page->refresh()->html);
737     }
738 }
The core source code for the BookStack project.