1 <?php namespace Tests;
2
3 use BookStack\Page;
4 use BookStack\Repos\EntityRepo;
5
class PageContentTest extends TestCase
{

    /**
     * Page include tags pull content from another page into the rendered view:
     * `{{@<id>}}` brings in the whole page, `{{@<id>#<element-id>}}` only the
     * element carrying that id.
     */
    public function test_page_includes()
    {
        $host = Page::first();
        $source = Page::where('id', '!=', $host->id)->first();

        $source->html = "<p id='section1'>Hello, This is a test</p><p id='section2'>This is a second block of content</p>";
        $source->save();

        $this->asEditor();

        // With no include tag present, nothing from the source page appears.
        $view = $this->get($host->getUrl());
        $view->assertDontSee('Hello, This is a test');

        $untouchedHtml = $host->html;

        // Whole-page include: both paragraphs of the source page show up.
        $host->html .= "{{@{$source->id}}}";
        $host->save();

        $view = $this->get($host->getUrl());
        $view->assertSee('Hello, This is a test');
        $view->assertSee('This is a second block of content');

        // Anchored include: only the #section2 element is pulled in, inline after "Well".
        $host->html = $untouchedHtml . " Well {{@{$source->id}#section2}}";
        $host->save();

        $view = $this->get($host->getUrl());
        $view->assertDontSee('Hello, This is a test');
        $view->assertSee('Well This is a second block of content');
    }

    /**
     * Saving a page through the editor keeps the include tag itself in the
     * stored HTML rather than expanding it at save time.
     */
    public function test_saving_page_with_includes()
    {
        $host = Page::first();
        $target = Page::where('id', '!=', $host->id)->first();
        $this->asEditor();
        $host->html = "<p>{{@{$target->id}}}</p>";

        $payload = ['name' => $host->name, 'html' => $host->html, 'summary' => ''];
        $saveResp = $this->put($host->getUrl(), $payload);

        $saveResp->assertStatus(302);

        $reloaded = Page::find($host->id);
        $this->assertContains("{{@{$target->id}}}", $reloaded->html);
    }

    /**
     * An anchored include of a <table> element must reproduce the table markup
     * unchanged (the include mechanism must not re-wrap or drop table structure).
     */
    public function test_page_includes_do_not_break_tables()
    {
        $host = Page::first();
        $source = Page::where('id', '!=', $host->id)->first();

        $tableHtml = '<table id="table"><tbody><tr><td>test</td></tr></tbody></table>';
        $source->html = $tableHtml;
        $source->save();

        $host->html = "{{@{$source->id}#table}}";
        $host->save();

        $this->asEditor();
        $view = $this->get($host->getUrl());
        $view->assertSee($tableHtml);
    }

    /**
     * Both the revision preview and its "changes" view are reachable and show
     * the content of the revision.
     */
    public function test_page_revision_views_viewable()
    {
        $this->asEditor();

        $repo = $this->app[EntityRepo::class];
        $page = Page::first();
        $repo->updatePage($page, $page->book_id, ['name' => 'updated page', 'html' => '<p>new content</p>', 'summary' => 'page revision testing']);
        $latestRevision = $page->revisions->last();

        $baseUrl = $page->getUrl() . '/revisions/' . $latestRevision->id;

        $preview = $this->get($baseUrl);
        $preview->assertStatus(200);
        $preview->assertSee('new content');

        $changes = $this->get($baseUrl . '/changes');
        $changes->assertStatus(200);
        $changes->assertSee('new content');
    }

    /**
     * Restoring an older revision redirects back to the page and brings that
     * revision's name and HTML back into the live page.
     */
    public function test_page_revision_restore_updates_content()
    {
        $this->asEditor();

        $repo = $this->app[EntityRepo::class];
        $page = Page::first();
        // Two updates: the first is the revision we later restore, the second supersedes it.
        $repo->updatePage($page, $page->book_id, ['name' => 'updated page abc123', 'html' => '<p>new contente def456</p>', 'summary' => 'initial page revision testing']);
        $repo->updatePage($page, $page->book_id, ['name' => 'updated page again', 'html' => '<p>new content</p>', 'summary' => 'page revision testing']);
        $page = Page::find($page->id);

        // The live page currently reflects the second update only.
        $view = $this->get($page->getUrl());
        $view->assertDontSee('abc123');
        $view->assertDontSee('def456');

        $olderRevision = $page->revisions()->where('name', 'like', '%abc123')->first();
        $restoreResp = $this->get($page->getUrl() . '/revisions/' . $olderRevision->id . '/restore');
        $page = Page::find($page->id);

        $restoreResp->assertStatus(302);
        $restoreResp->assertRedirect($page->getUrl());

        $view = $this->get($page->getUrl());
        $view->assertSee('abc123');
        $view->assertSee('def456');
    }

    /**
     * By default a <script> element authored into page content is entity-encoded
     * on render, so it appears as visible text rather than as a script element.
     * This is the XSS guard for page content; the raw tag must not reach the response.
     */
    public function test_page_content_scripts_escaped_by_default()
    {
        $this->asEditor();
        $page = Page::first();
        $rawScript = '<script>console.log("hello-test")</script>';
        $page->html = "escape {$rawScript}";
        $page->save();

        $view = $this->get($page->getUrl());
        $view->assertDontSee($rawScript);
        $view->assertSee(htmlentities($rawScript));
    }

    /**
     * When the instance explicitly allows content scripts, the <script> element is
     * rendered verbatim instead of entity-encoded. This is the opt-in counterpart
     * of the escaped-by-default behaviour above.
     */
    public function test_page_content_scripts_show_when_configured()
    {
        $this->asEditor();
        $page = Page::first();
        // NOTE(review): push() appends to the config value rather than replacing it;
        // confirm the renderer reads the result as "allowed" (set() may be the intended call).
        config()->push('app.allow_content_scripts', 'true');
        $rawScript = '<script>console.log("hello-test")</script>';
        $page->html = "no escape {$rawScript}";
        $page->save();

        $view = $this->get($page->getUrl());
        $view->assertSee($rawScript);
        $view->assertDontSee(htmlentities($rawScript));
    }

}