BookStack Code Mirror - bookstack/blob - tests/Entity/PageContentTest.php

1 <?php

2

3 namespace Tests\Entity;

4

5 use BookStack\Entities\Models\Page;

6 use BookStack\Entities\Tools\PageContent;

7 use Tests\TestCase;

8

9 class PageContentTest extends TestCase

10 {

11 protected $base64Jpeg = '/9j/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8QEBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k=';

12

13 public function test_page_includes()

14 {

15 $page = $this->entities->page();

16 $secondPage = $this->entities->page();

17

18 $secondPage->html = "<p id='section1'>Hello, This is a test</p><p id='section2'>This is a second block of content</p>";

19 $secondPage->save();

20

21 $this->asEditor();

22

23 $pageContent = $this->get($page->getUrl());

24 $pageContent->assertDontSee('Hello, This is a test');

25

26 $originalHtml = $page->html;

27 $page->html .= "{{@{$secondPage->id}}}";

28 $page->save();

29

30 $pageContent = $this->get($page->getUrl());

31 $pageContent->assertSee('Hello, This is a test');

32 $pageContent->assertSee('This is a second block of content');

33

34 $page->html = $originalHtml . " Well {{@{$secondPage->id}#section2}}";

35 $page->save();

36

37 $pageContent = $this->get($page->getUrl());

38 $pageContent->assertDontSee('Hello, This is a test');

39 $pageContent->assertSee('Well This is a second block of content');

40 }

41

42 public function test_saving_page_with_includes()

43 {

44 $page = $this->entities->page();

45 $secondPage = $this->entities->page();

46

47 $this->asEditor();

48 $includeTag = '{{@' . $secondPage->id . '}}';

49 $page->html = '<p>' . $includeTag . '</p>';

50

51 $resp = $this->put($page->getUrl(), ['name' => $page->name, 'html' => $page->html, 'summary' => '']);

52

53 $resp->assertStatus(302);

54

55 $page = Page::find($page->id);

56 $this->assertStringContainsString($includeTag, $page->html);

57 $this->assertEquals('', $page->text);

58 }

59

60 public function test_page_includes_do_not_break_tables()

61 {

62 $page = $this->entities->page();

63 $secondPage = $this->entities->page();

64

65 $content = '<table id="table"><tbody><tr><td>test</td></tr></tbody></table>';

66 $secondPage->html = $content;

67 $secondPage->save();

68

69 $page->html = "{{@{$secondPage->id}#table}}";

70 $page->save();

71

72 $pageResp = $this->asEditor()->get($page->getUrl());

73 $pageResp->assertSee($content, false);

74 }

75

76 public function test_page_includes_do_not_break_code()

77 {

78 $page = $this->entities->page();

79 $secondPage = $this->entities->page();

80

81 $content = '<pre id="bkmrk-code"><code>var cat = null;</code></pre>';

82 $secondPage->html = $content;

83 $secondPage->save();

84

85 $page->html = "{{@{$secondPage->id}#bkmrk-code}}";

86 $page->save();

87

88 $pageResp = $this->asEditor()->get($page->getUrl());

89 $pageResp->assertSee($content, false);

90 }

91

92 public function test_page_includes_rendered_on_book_export()

93 {

94 $page = $this->entities->page();

95 $secondPage = Page::query()

96 ->where('book_id', '!=', $page->book_id)

97 ->first();

98

99 $content = '<p id="bkmrk-meow">my cat is awesome and scratchy</p>';

100 $secondPage->html = $content;

101 $secondPage->save();

102

103 $page->html = "{{@{$secondPage->id}#bkmrk-meow}}";

104 $page->save();

105

106 $this->asEditor();

107 $htmlContent = $this->get($page->book->getUrl('/export/html'));

108 $htmlContent->assertSee('my cat is awesome and scratchy');

109 }

110

111 public function test_page_includes_can_be_nested_up_to_three_times()

112 {

113 $page = $this->entities->page();

114 $tag = "{{@{$page->id}#bkmrk-test}}";

115 $page->html = '<p id="bkmrk-test">Hello Barry ' . $tag . '</p>';

116 $page->save();

117

118 $pageResp = $this->asEditor()->get($page->getUrl());

119 $this->withHtml($pageResp)->assertElementContains('#bkmrk-test', 'Hello Barry Hello Barry Hello Barry ' . $tag);

120 }

121

122 public function test_page_content_scripts_removed_by_default()

123 {

124 $this->asEditor();

125 $page = $this->entities->page();

126 $script = 'abc123<script>console.log("hello-test")</script>abc123';

127 $page->html = "escape {$script}";

128 $page->save();

129

130 $pageView = $this->get($page->getUrl());

131 $pageView->assertStatus(200);

132 $pageView->assertDontSee($script, false);

133 $pageView->assertSee('abc123abc123');

134 }

135

136 public function test_more_complex_content_script_escaping_scenarios()

137 {

138 $checks = [

139 "<p>Some script</p><script>alert('cat')</script>",

140 "<div><div><div><div><p>Some script</p><script>alert('cat')</script></div></div></div></div>",

141 "<p>Some script<script>alert('cat')</script></p>",

142 "<p>Some script <div><script>alert('cat')</script></div></p>",

143 "<p>Some script <script><div>alert('cat')</script></div></p>",

144 "<p>Some script <script><div>alert('cat')</script><script><div>alert('cat')</script></p><script><div>alert('cat')</script>",

145 ];

146

147 $this->asEditor();

148 $page = $this->entities->page();

149

150 foreach ($checks as $check) {

151 $page->html = $check;

152 $page->save();

153

154 $pageView = $this->get($page->getUrl());

155 $pageView->assertStatus(200);

156 $this->withHtml($pageView)->assertElementNotContains('.page-content', '<script>');

157 $this->withHtml($pageView)->assertElementNotContains('.page-content', '</script>');

158 }

159 }

160

161 public function test_js_and_base64_src_urls_are_removed()

162 {

163 $checks = [

164 '<iframe src="javascript:alert(document.cookie)"></iframe>',

165 '<iframe src="JavAScRipT:alert(document.cookie)"></iframe>',

166 '<iframe src="JavAScRipT:alert(document.cookie)"></iframe>',

167 '<iframe SRC=" javascript: alert(document.cookie)"></iframe>',

168 '<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',

169 '<iframe src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',

170 '<iframe src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg==" frameborder="0"></iframe>',

171 '<img src="javascript:alert(document.cookie)"/>',

172 '<img src="JavAScRipT:alert(document.cookie)"/>',

173 '<img src="JavAScRipT:alert(document.cookie)"/>',

174 '<img SRC=" javascript: alert(document.cookie)"/>',

175 '<img src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',

176 '<img src="DaTa:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',

177 '<img src=" data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGVsbG8nKTwvc2NyaXB0Pg=="/>',

178 '<iframe srcdoc="<script>window.alert(document.cookie)</script>"></iframe>',

179 '<iframe SRCdoc="<script>window.alert(document.cookie)</script>"></iframe>',

180 '<IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`>',

181 ];

182

183 $this->asEditor();

184 $page = $this->entities->page();

185

186 foreach ($checks as $check) {

187 $page->html = $check;

188 $page->save();

189

190 $pageView = $this->get($page->getUrl());

191 $pageView->assertStatus(200);

192 $html = $this->withHtml($pageView);

193 $html->assertElementNotContains('.page-content', '<iframe>');

194 $html->assertElementNotContains('.page-content', '<img');

195 $html->assertElementNotContains('.page-content', '</iframe>');

196 $html->assertElementNotContains('.page-content', 'src=');

197 $html->assertElementNotContains('.page-content', 'javascript:');

198 $html->assertElementNotContains('.page-content', 'data:');

199 $html->assertElementNotContains('.page-content', 'base64');

200 }

201 }

202

203 public function test_javascript_uri_links_are_removed()

204 {

205 $checks = [

206 '<a id="xss" href="javascript:alert(document.cookie)>Click me</a>',

207 '<a id="xss" href="javascript: alert(document.cookie)>Click me</a>',

208 '<a id="xss" href="JaVaScRiPt: alert(document.cookie)>Click me</a>',

209 '<a id="xss" href=" JaVaScRiPt: alert(document.cookie)>Click me</a>',

210 ];

211

212 $this->asEditor();

213 $page = $this->entities->page();

214

215 foreach ($checks as $check) {

216 $page->html = $check;

217 $page->save();

218

219 $pageView = $this->get($page->getUrl());

220 $pageView->assertStatus(200);

221 $this->withHtml($pageView)->assertElementNotContains('.page-content', '<a id="xss"');

222 $this->withHtml($pageView)->assertElementNotContains('.page-content', 'href=javascript:');

223 }

224 }

225

226 public function test_form_actions_with_javascript_are_removed()

227 {

228 $checks = [

229 '<form><input id="xss" type=submit formaction=javascript:alert(document.domain) value=Submit><input></form>',

230 '<form ><button id="xss" formaction="JaVaScRiPt:alert(document.domain)">Click me</button></form>',

231 '<form ><button id="xss" formaction=javascript:alert(document.domain)>Click me</button></form>',

232 '<form id="xss" action=javascript:alert(document.domain)><input type=submit value=Submit></form>',

233 '<form id="xss" action="JaVaScRiPt:alert(document.domain)"><input type=submit value=Submit></form>',

234 ];

235

236 $this->asEditor();

237 $page = $this->entities->page();

238

239 foreach ($checks as $check) {

240 $page->html = $check;

241 $page->save();

242

243 $pageView = $this->get($page->getUrl());

244 $pageView->assertStatus(200);

245 $this->withHtml($pageView)->assertElementNotContains('.page-content', '<button id="xss"');

246 $this->withHtml($pageView)->assertElementNotContains('.page-content', '<input id="xss"');

247 $this->withHtml($pageView)->assertElementNotContains('.page-content', '<form id="xss"');

248 $this->withHtml($pageView)->assertElementNotContains('.page-content', 'action=javascript:');

249 $this->withHtml($pageView)->assertElementNotContains('.page-content', 'formaction=javascript:');

250 }

251 }

252

253 public function test_metadata_redirects_are_removed()

254 {

255 $checks = [

256 '<meta http-equiv="refresh" content="0; url=//external_url">',

257 '<meta http-equiv="refresh" ConTeNt="0; url=//external_url">',

258 '<meta http-equiv="refresh" content="0; UrL=//external_url">',

259 ];

260

261 $this->asEditor();

262 $page = $this->entities->page();

263

264 foreach ($checks as $check) {

265 $page->html = $check;

266 $page->save();

267

268 $pageView = $this->get($page->getUrl());

269 $pageView->assertStatus(200);

270 $this->withHtml($pageView)->assertElementNotContains('.page-content', '<meta>');

271 $this->withHtml($pageView)->assertElementNotContains('.page-content', '</meta>');

272 $this->withHtml($pageView)->assertElementNotContains('.page-content', 'content=');

273 $this->withHtml($pageView)->assertElementNotContains('.page-content', 'external_url');

274 }

275 }

276

277 public function test_page_inline_on_attributes_removed_by_default()

278 {

279 $this->asEditor();

280 $page = $this->entities->page();

281 $script = '<p onmouseenter="console.log(\'test\')">Hello</p>';

282 $page->html = "escape {$script}";

283 $page->save();

284

285 $pageView = $this->get($page->getUrl());

286 $pageView->assertStatus(200);

287 $pageView->assertDontSee($script, false);

288 $pageView->assertSee('<p>Hello</p>', false);

289 }

290

291 public function test_more_complex_inline_on_attributes_escaping_scenarios()

292 {

293 $checks = [

294 '<p onclick="console.log(\'test\')">Hello</p>',

295 '<p OnCliCk="console.log(\'test\')">Hello</p>',

296 '<div>Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p>',

297 '<div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div>',

298 '<div><div><div><div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div></div></div></div>',

299 '<div onclick="console.log(\'test\')">Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p><div></div>',

300 '<a a="<img src=1 onerror=\'alert(1)\'> ',

301 '\<a onclick="alert(document.cookie)"\>xss link\</a\>',

302 ];

303

304 $this->asEditor();

305 $page = $this->entities->page();

306

307 foreach ($checks as $check) {

308 $page->html = $check;

309 $page->save();

310

311 $pageView = $this->get($page->getUrl());

312 $pageView->assertStatus(200);

313 $this->withHtml($pageView)->assertElementNotContains('.page-content', 'onclick');

314 }

315 }

316

317 public function test_page_content_scripts_show_when_configured()

318 {

319 $this->asEditor();

320 $page = $this->entities->page();

321 config()->set('app.allow_content_scripts', 'true');

322

323 $script = 'abc123<script>console.log("hello-test")</script>abc123';

324 $page->html = "no escape {$script}";

325 $page->save();

326

327 $pageView = $this->get($page->getUrl());

328 $pageView->assertSee($script, false);

329 $pageView->assertDontSee('abc123abc123');

330 }

331

332 public function test_svg_script_usage_is_removed()

333 {

334 $checks = [

335 '<svg id="test" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100" height="100"><a xlink:href="javascript:alert(document.domain)"><rect x="0" y="0" width="100" height="100" /></a></svg>',

336 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><use xlink:href="data:application/xml;base64 ,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjAiIGN4PSIwIiBjeT0iMCIgc3R5bGU9ImZpbGw6ICNGMDAiPgo8c2V0IGF0dHJpYnV0ZU5hbWU9ImZpbGwiIGF0dHJpYnV0ZVR5cGU9IkNTUyIgb25iZWdpbj0nYWxlcnQoZG9jdW1lbnQuZG9tYWluKScKb25lbmQ9J2FsZXJ0KCJvbmVuZCIpJyB0bz0iIzAwRiIgYmVnaW49IjBzIiBkdXI9Ijk5OXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test"/></svg>',

337 '<svg><animate href=#xss attributeName=href values=javascript:alert(1) /></svg>',

338 '<svg><animate href="#xss" attributeName="href" values="a;javascript:alert(1)" /></svg>',

339 '<svg><animate href="#xss" attributeName="href" values="a;data:alert(1)" /></svg>',

340 '<svg><animate href=#xss attributeName=href from=javascript:alert(1) to=1 /><a id=xss><text x=20 y=20>XSS</text></a>',

341 '<svg><set href=#xss attributeName=href from=? to=javascript:alert(1) /><a id=xss><text x=20 y=20>XSS</text></a>',

342 '<svg><g><g><g><animate href=#xss attributeName=href values=javascript:alert(1) /></g></g></g></svg>',

343 ];

344

345 $this->asEditor();

346 $page = $this->entities->page();

347

348 foreach ($checks as $check) {

349 $page->html = $check;

350 $page->save();

351

352 $pageView = $this->get($page->getUrl());

353 $pageView->assertStatus(200);

354 $html = $this->withHtml($pageView);

355 $html->assertElementNotContains('.page-content', 'alert');

356 $html->assertElementNotContains('.page-content', 'xlink:href');

357 $html->assertElementNotContains('.page-content', 'application/xml');

358 $html->assertElementNotContains('.page-content', 'javascript');

359 }

360 }

361

362 public function test_page_inline_on_attributes_show_if_configured()

363 {

364 $this->asEditor();

365 $page = $this->entities->page();

366 config()->set('app.allow_content_scripts', 'true');

367

368 $script = '<p onmouseenter="console.log(\'test\')">Hello</p>';

369 $page->html = "escape {$script}";

370 $page->save();

371

372 $pageView = $this->get($page->getUrl());

373 $pageView->assertSee($script, false);

374 $pageView->assertDontSee('<p>Hello</p>', false);

375 }

376

377 public function test_duplicate_ids_does_not_break_page_render()

378 {

379 $this->asEditor();

380 $pageA = Page::query()->first();

381 $pageB = Page::query()->where('id', '!=', $pageA->id)->first();

382

383 $content = '<ul id="bkmrk-xxx-%28"></ul> <ul id="bkmrk-xxx-%28"></ul>';

384 $pageA->html = $content;

385 $pageA->save();

386

387 $pageB->html = '<ul id="bkmrk-xxx-%28"></ul> <p>{{@' . $pageA->id . '#test}}</p>';

388 $pageB->save();

389

390 $pageView = $this->get($pageB->getUrl());

391 $pageView->assertSuccessful();

392 }

393

394 public function test_duplicate_ids_fixed_on_page_save()

395 {

396 $this->asEditor();

397 $page = $this->entities->page();

398

399 $content = '<ul id="bkmrk-test"><li>test a</li><li><ul id="bkmrk-test"><li>test b</li></ul></li></ul>';

400 $pageSave = $this->put($page->getUrl(), [

401 'name' => $page->name,

402 'html' => $content,

403 'summary' => '',

404 ]);

405 $pageSave->assertRedirect();

406

407 $updatedPage = Page::query()->where('id', '=', $page->id)->first();

408 $this->assertEquals(substr_count($updatedPage->html, 'bkmrk-test"'), 1);

409 }

410

411 public function test_anchors_referencing_non_bkmrk_ids_rewritten_after_save()

412 {

413 $this->asEditor();

414 $page = $this->entities->page();

415

416 $content = '<h1 id="non-standard-id">test</h1><p><a href="#non-standard-id">link</a></p>';

417 $this->put($page->getUrl(), [

418 'name' => $page->name,

419 'html' => $content,

420 'summary' => '',

421 ]);

422

423 $updatedPage = Page::query()->where('id', '=', $page->id)->first();

424 $this->assertStringContainsString('id="bkmrk-test"', $updatedPage->html);

425 $this->assertStringContainsString('href="#bkmrk-test"', $updatedPage->html);

426 }

427

428 public function test_get_page_nav_sets_correct_properties()

429 {

430 $content = '<h1 id="testa">Hello</h1><h2 id="testb">There</h2><h3 id="testc">Donkey</h3>';

431 $pageContent = new PageContent(new Page(['html' => $content]));

432 $navMap = $pageContent->getNavigation($content);

433

434 $this->assertCount(3, $navMap);

435 $this->assertArrayMapIncludes([

436 'nodeName' => 'h1',

437 'link' => '#testa',

438 'text' => 'Hello',

439 'level' => 1,

440 ], $navMap[0]);

441 $this->assertArrayMapIncludes([

442 'nodeName' => 'h2',

443 'link' => '#testb',

444 'text' => 'There',

445 'level' => 2,

446 ], $navMap[1]);

447 $this->assertArrayMapIncludes([

448 'nodeName' => 'h3',

449 'link' => '#testc',

450 'text' => 'Donkey',

451 'level' => 3,

452 ], $navMap[2]);

453 }

454

455 public function test_get_page_nav_does_not_show_empty_titles()

456 {

457 $content = '<h1 id="testa">Hello</h1><h2 id="testb"> </h2><h3 id="testc"></h3>';

458 $pageContent = new PageContent(new Page(['html' => $content]));

459 $navMap = $pageContent->getNavigation($content);

460

461 $this->assertCount(1, $navMap);

462 $this->assertArrayMapIncludes([

463 'nodeName' => 'h1',

464 'link' => '#testa',

465 'text' => 'Hello',

466 ], $navMap[0]);

467 }

468

469 public function test_get_page_nav_shifts_headers_if_only_smaller_ones_are_used()

470 {

471 $content = '<h4 id="testa">Hello</h4><h5 id="testb">There</h5><h6 id="testc">Donkey</h6>';

472 $pageContent = new PageContent(new Page(['html' => $content]));

473 $navMap = $pageContent->getNavigation($content);

474

475 $this->assertCount(3, $navMap);

476 $this->assertArrayMapIncludes([

477 'nodeName' => 'h4',

478 'level' => 1,

479 ], $navMap[0]);

480 $this->assertArrayMapIncludes([

481 'nodeName' => 'h5',

482 'level' => 2,

483 ], $navMap[1]);

484 $this->assertArrayMapIncludes([

485 'nodeName' => 'h6',

486 'level' => 3,

487 ], $navMap[2]);

488 }

489

490 public function test_page_text_decodes_html_entities()

491 {

492 $page = $this->entities->page();

493

494 $this->actingAs($this->users->admin())

495 ->put($page->getUrl(''), [

496 'name' => 'Testing',

497 'html' => '<p>"Hello & welcome"</p>',

498 ]);

499

500 $page->refresh();

501 $this->assertEquals('"Hello & welcome"', $page->text);

502 }

503

504 public function test_page_markdown_table_rendering()

505 {

506 $this->asEditor();

507 $page = $this->entities->page();

508

509 $content = '| Syntax | Description |

510 | ----------- | ----------- |

511 | Header | Title |

512 | Paragraph | Text |';

513 $this->put($page->getUrl(), [

514 'name' => $page->name, 'markdown' => $content,

515 'html' => '', 'summary' => '',

516 ]);

517

518 $page->refresh();

519 $this->assertStringContainsString('</tbody>', $page->html);

520

521 $pageView = $this->get($page->getUrl());

522 $this->withHtml($pageView)->assertElementExists('.page-content table tbody td');

523 }

524

525 public function test_page_markdown_task_list_rendering()

526 {

527 $this->asEditor();

528 $page = $this->entities->page();

529

530 $content = '- [ ] Item a

531 - [x] Item b';

532 $this->put($page->getUrl(), [

533 'name' => $page->name, 'markdown' => $content,

534 'html' => '', 'summary' => '',

535 ]);

536

537 $page->refresh();

538 $this->assertStringContainsString('input', $page->html);

539 $this->assertStringContainsString('type="checkbox"', $page->html);

540

541 $pageView = $this->get($page->getUrl());

542 $this->withHtml($pageView)->assertElementExists('.page-content li.task-list-item input[type=checkbox]');

543 $this->withHtml($pageView)->assertElementExists('.page-content li.task-list-item input[type=checkbox][checked]');

544 }

545

546 public function test_page_markdown_strikethrough_rendering()

547 {

548 $this->asEditor();

549 $page = $this->entities->page();

550

551 $content = '~~some crossed out text~~';

552 $this->put($page->getUrl(), [

553 'name' => $page->name, 'markdown' => $content,

554 'html' => '', 'summary' => '',

555 ]);

556

557 $page->refresh();

558 $this->assertStringMatchesFormat('%A<s%A>some crossed out text</s>%A', $page->html);

559

560 $pageView = $this->get($page->getUrl());

561 $this->withHtml($pageView)->assertElementExists('.page-content p > s');

562 }

563

564 public function test_page_markdown_single_html_comment_saving()

565 {

566 $this->asEditor();

567 $page = $this->entities->page();

568

569 $content = '';

570 $this->put($page->getUrl(), [

571 'name' => $page->name, 'markdown' => $content,

572 'html' => '', 'summary' => '',

573 ]);

574

575 $page->refresh();

576 $this->assertStringMatchesFormat($content, $page->html);

577

578 $pageView = $this->get($page->getUrl());

579 $pageView->assertStatus(200);

580 $pageView->assertSee($content, false);

581 }

582

583 public function test_base64_images_get_extracted_from_page_content()

584 {

585 $this->asEditor();

586 $page = $this->entities->page();

587

588 $this->put($page->getUrl(), [

589 'name' => $page->name, 'summary' => '',

590 'html' => '<p>test<img src="data:image/jpeg;base64,' . $this->base64Jpeg . '"/></p>',

591 ]);

592

593 $page->refresh();

594 $this->assertStringMatchesFormat('%A<p%A>test<img src="http://localhost/uploads/images/gallery/%A.jpeg">%A</p>%A', $page->html);

595

596 $matches = [];

597 preg_match('/src="https:\/\/p.rizon.top:443\/http\/localhost(.*?)"/', $page->html, $matches);

598 $imagePath = $matches[1];

599 $imageFile = public_path($imagePath);

600 $this->assertEquals(base64_decode($this->base64Jpeg), file_get_contents($imageFile));

601

602 $this->files->deleteAtRelativePath($imagePath);

603 }

604

605 public function test_base64_images_get_extracted_when_containing_whitespace()

606 {

607 $this->asEditor();

608 $page = $this->entities->page();

609

610 $base64PngWithWhitespace = "iVBORw0KGg\noAAAANSUhE\tUgAAAAEAAAA BCA YAAAAfFcSJAAA\n\t ACklEQVR4nGMAAQAABQAB";

611 $base64PngWithoutWhitespace = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQAB';

612 $this->put($page->getUrl(), [

613 'name' => $page->name, 'summary' => '',

614 'html' => '<p>test<img src="data:image/png;base64,' . $base64PngWithWhitespace . '"/></p>',

615 ]);

616

617 $page->refresh();

618 $this->assertStringMatchesFormat('%A<p%A>test<img src="http://localhost/uploads/images/gallery/%A.png">%A</p>%A', $page->html);

619

620 $matches = [];

621 preg_match('/src="https:\/\/p.rizon.top:443\/http\/localhost(.*?)"/', $page->html, $matches);

622 $imagePath = $matches[1];

623 $imageFile = public_path($imagePath);

624 $this->assertEquals(base64_decode($base64PngWithoutWhitespace), file_get_contents($imageFile));

625

626 $this->files->deleteAtRelativePath($imagePath);

627 }

628

629 public function test_base64_images_within_html_blanked_if_not_supported_extension_for_extract()

630 {

631 // Relevant to https://github.com/BookStackApp/BookStack/issues/3010 and other cases

632 $extensions = [

633 'jiff', 'pngr', 'png ', ' png', '.png', 'png.', 'p.ng', ',png',

634 'data:image/png', ',data:image/png',

635 ];

636

637 foreach ($extensions as $extension) {

638 $this->asEditor();

639 $page = $this->entities->page();

640

641 $this->put($page->getUrl(), [

642 'name' => $page->name, 'summary' => '',

643 'html' => '<p>test<img src="data:image/' . $extension . ';base64,' . $this->base64Jpeg . '"/></p>',

644 ]);

645

646 $page->refresh();

647 $this->assertStringContainsString('<img src=""', $page->html);

648 }

649 }

650

651 public function test_base64_images_get_extracted_from_markdown_page_content()

652 {

653 $this->asEditor();

654 $page = $this->entities->page();

655

656 $this->put($page->getUrl(), [

657 'name' => $page->name, 'summary' => '',

658 'markdown' => 'test ![test](data:image/jpeg;base64,' . $this->base64Jpeg . ')',

659 ]);

660

661 $page->refresh();

662 $this->assertStringMatchesFormat('%A<p%A>test <img src="http://localhost/uploads/images/gallery/%A.jpeg" alt="test">%A</p>%A', $page->html);

663

664 $matches = [];

665 preg_match('/src="https:\/\/p.rizon.top:443\/http\/localhost(.*?)"/', $page->html, $matches);

666 $imagePath = $matches[1];

667 $imageFile = public_path($imagePath);

668 $this->assertEquals(base64_decode($this->base64Jpeg), file_get_contents($imageFile));

669

670 $this->files->deleteAtRelativePath($imagePath);

671 }

672

673 public function test_markdown_base64_extract_not_limited_by_pcre_limits()

674 {

675 $pcreBacktrackLimit = ini_get('pcre.backtrack_limit');

676 $pcreRecursionLimit = ini_get('pcre.recursion_limit');

677

678 $this->asEditor();

679 $page = $this->entities->page();

680

681 ini_set('pcre.backtrack_limit', '500');

682 ini_set('pcre.recursion_limit', '500');

683

684 $content = str_repeat('a', 5000);

685 $base64Content = base64_encode($content);

686

687 $this->put($page->getUrl(), [

688 'name' => $page->name, 'summary' => '',

689 'markdown' => 'test ![test](data:image/jpeg;base64,' . $base64Content . ') ![test](data:image/jpeg;base64,' . $base64Content . ')',

690 ]);

691

692 $page->refresh();

693 $this->assertStringMatchesFormat('<p%A>test <img src="http://localhost/uploads/images/gallery/%A.jpeg" alt="test"> <img src="http://localhost/uploads/images/gallery/%A.jpeg" alt="test">%A</p>%A', $page->html);

694

695 $matches = [];

696 preg_match('/src="https:\/\/p.rizon.top:443\/http\/localhost(.*?)"/', $page->html, $matches);

697 $imagePath = $matches[1];

698 $imageFile = public_path($imagePath);

699 $this->assertEquals($content, file_get_contents($imageFile));

700

701 $this->files->deleteAtRelativePath($imagePath);

702 ini_set('pcre.backtrack_limit', $pcreBacktrackLimit);

703 ini_set('pcre.recursion_limit', $pcreRecursionLimit);

704 }

705