use BookStack\Entities\Models\Page;
use BookStack\Entities\Tools\PageContent;
use Tests\TestCase;
-use Tests\Uploads\UsesImages;
class PageContentTest extends TestCase
{
- use UsesImages;
-
- protected $base64Jpeg = '/9j/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8QEBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k=';
+ protected string $base64Jpeg = '/9j/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8QEBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k=';
public function test_page_includes()
{
- $page = Page::query()->first();
- $secondPage = Page::query()->where('id', '!=', $page->id)->first();
+ $page = $this->entities->page();
+ $secondPage = $this->entities->page();
$secondPage->html = "<p id='section1'>Hello, This is a test</p><p id='section2'>This is a second block of content</p>";
$secondPage->save();
public function test_saving_page_with_includes()
{
- $page = Page::query()->first();
- $secondPage = Page::query()->where('id', '!=', $page->id)->first();
+ $page = $this->entities->page();
+ $secondPage = $this->entities->page();
$this->asEditor();
$includeTag = '{{@' . $secondPage->id . '}}';
$this->assertEquals('', $page->text);
}
- public function test_page_includes_do_not_break_tables()
+ public function test_page_includes_rendered_on_book_export()
{
- /** @var Page $page */
- $page = Page::query()->first();
- /** @var Page $secondPage */
- $secondPage = Page::query()->where('id', '!=', $page->id)->first();
+ $page = $this->entities->page();
+ $secondPage = Page::query()
+ ->where('book_id', '!=', $page->book_id)
+ ->first();
- $content = '<table id="table"><tbody><tr><td>test</td></tr></tbody></table>';
+ $content = '<p id="bkmrk-meow">my cat is awesome and scratchy</p>';
$secondPage->html = $content;
$secondPage->save();
- $page->html = "{{@{$secondPage->id}#table}}";
+ $page->html = "{{@{$secondPage->id}#bkmrk-meow}}";
$page->save();
- $pageResp = $this->asEditor()->get($page->getUrl());
- $pageResp->assertSee($content, false);
+ $this->asEditor();
+ $htmlContent = $this->get($page->book->getUrl('/export/html'));
+ $htmlContent->assertSee('my cat is awesome and scratchy');
}
- public function test_page_includes_do_not_break_code()
+ public function test_page_includes_can_be_nested_up_to_three_times()
{
- /** @var Page $page */
- $page = Page::query()->first();
- /** @var Page $secondPage */
- $secondPage = Page::query()->where('id', '!=', $page->id)->first();
-
- $content = '<pre id="bkmrk-code"><code>var cat = null;</code></pre>';
- $secondPage->html = $content;
- $secondPage->save();
-
- $page->html = "{{@{$secondPage->id}#bkmrk-code}}";
+ $page = $this->entities->page();
+ $tag = "{{@{$page->id}#bkmrk-test}}";
+ $page->html = '<p id="bkmrk-test">Hello Barry ' . $tag . '</p>';
$page->save();
$pageResp = $this->asEditor()->get($page->getUrl());
- $pageResp->assertSee($content, false);
+ $this->withHtml($pageResp)->assertElementContains('#bkmrk-test', 'Hello Barry Hello Barry Hello Barry Hello Barry ' . $tag);
+ $this->withHtml($pageResp)->assertElementNotContains('#bkmrk-test', 'Hello Barry Hello Barry Hello Barry Hello Barry Hello Barry ' . $tag);
}
- public function test_page_includes_rendered_on_book_export()
+ public function test_page_includes_to_nonexisting_pages_does_not_error()
{
- $page = Page::query()->first();
- $secondPage = Page::query()
- ->where('book_id', '!=', $page->book_id)
- ->first();
-
- $content = '<p id="bkmrk-meow">my cat is awesome and scratchy</p>';
- $secondPage->html = $content;
- $secondPage->save();
-
- $page->html = "{{@{$secondPage->id}#bkmrk-meow}}";
+ $page = $this->entities->page();
+ $missingId = Page::query()->max('id') + 1;
+ $tag = "{{@{$missingId}}}";
+ $page->html = '<p id="bkmrk-test">Hello Barry ' . $tag . '</p>';
$page->save();
- $this->asEditor();
- $htmlContent = $this->get($page->book->getUrl('/export/html'));
- $htmlContent->assertSee('my cat is awesome and scratchy');
+ $pageResp = $this->asEditor()->get($page->getUrl());
+ $pageResp->assertOk();
+ $pageResp->assertSee('Hello Barry');
}
public function test_page_content_scripts_removed_by_default()
{
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
$script = 'abc123<script>console.log("hello-test")</script>abc123';
$page->html = "escape {$script}";
$page->save();
];
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
];
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
];
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
];
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
];
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
public function test_page_inline_on_attributes_removed_by_default()
{
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
$script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
$page->html = "escape {$script}";
$page->save();
];
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
public function test_page_content_scripts_show_when_configured()
{
$this->asEditor();
- $page = Page::query()->first();
- config()->push('app.allow_content_scripts', 'true');
+ $page = $this->entities->page();
+ config()->set('app.allow_content_scripts', 'true');
$script = 'abc123<script>console.log("hello-test")</script>abc123';
$page->html = "no escape {$script}";
$pageView->assertDontSee('abc123abc123');
}
- public function test_svg_xlink_hrefs_are_removed()
+ public function test_svg_script_usage_is_removed()
{
$checks = [
'<svg id="test" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100" height="100"><a xlink:href="javascript:alert(document.domain)"><rect x="0" y="0" width="100" height="100" /></a></svg>',
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><use xlink:href="data:application/xml;base64 ,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjAiIGN4PSIwIiBjeT0iMCIgc3R5bGU9ImZpbGw6ICNGMDAiPgo8c2V0IGF0dHJpYnV0ZU5hbWU9ImZpbGwiIGF0dHJpYnV0ZVR5cGU9IkNTUyIgb25iZWdpbj0nYWxlcnQoZG9jdW1lbnQuZG9tYWluKScKb25lbmQ9J2FsZXJ0KCJvbmVuZCIpJyB0bz0iIzAwRiIgYmVnaW49IjBzIiBkdXI9Ijk5OXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test"/></svg>',
+ '<svg><animate href=#xss attributeName=href values=javascript:alert(1) /></svg>',
+ '<svg><animate href="#xss" attributeName="href" values="a;javascript:alert(1)" /></svg>',
+ '<svg><animate href="#xss" attributeName="href" values="a;data:alert(1)" /></svg>',
+ '<svg><animate href=#xss attributeName=href from=javascript:alert(1) to=1 /><a id=xss><text x=20 y=20>XSS</text></a>',
+ '<svg><set href=#xss attributeName=href from=? to=javascript:alert(1) /><a id=xss><text x=20 y=20>XSS</text></a>',
+ '<svg><g><g><g><animate href=#xss attributeName=href values=javascript:alert(1) /></g></g></g></svg>',
];
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
foreach ($checks as $check) {
$page->html = $check;
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
- $this->withHtml($pageView)->assertElementNotContains('.page-content', 'alert');
- $this->withHtml($pageView)->assertElementNotContains('.page-content', 'xlink:href');
- $this->withHtml($pageView)->assertElementNotContains('.page-content', 'application/xml');
+ $html = $this->withHtml($pageView);
+ $html->assertElementNotContains('.page-content', 'alert');
+ $html->assertElementNotContains('.page-content', 'xlink:href');
+ $html->assertElementNotContains('.page-content', 'application/xml');
+ $html->assertElementNotContains('.page-content', 'javascript');
}
}
public function test_page_inline_on_attributes_show_if_configured()
{
$this->asEditor();
- $page = Page::query()->first();
- config()->push('app.allow_content_scripts', 'true');
+ $page = $this->entities->page();
+ config()->set('app.allow_content_scripts', 'true');
$script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
$page->html = "escape {$script}";
public function test_duplicate_ids_fixed_on_page_save()
{
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
$content = '<ul id="bkmrk-test"><li>test a</li><li><ul id="bkmrk-test"><li>test b</li></ul></li></ul>';
$pageSave = $this->put($page->getUrl(), [
public function test_anchors_referencing_non_bkmrk_ids_rewritten_after_save()
{
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
$content = '<h1 id="non-standard-id">test</h1><p><a href="#non-standard-id">link</a></p>';
$this->put($page->getUrl(), [
public function test_page_text_decodes_html_entities()
{
- $page = Page::query()->first();
+ $page = $this->entities->page();
- $this->actingAs($this->getAdmin())
+ $this->actingAs($this->users->admin())
->put($page->getUrl(''), [
'name' => 'Testing',
'html' => '<p>"Hello & welcome"</p>',
public function test_page_markdown_table_rendering()
{
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
$content = '| Syntax | Description |
| ----------- | ----------- |
public function test_page_markdown_task_list_rendering()
{
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
$content = '- [ ] Item a
- [x] Item b';
public function test_page_markdown_strikethrough_rendering()
{
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
$content = '~~some crossed out text~~';
$this->put($page->getUrl(), [
public function test_page_markdown_single_html_comment_saving()
{
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
$content = '<!-- Test Comment -->';
$this->put($page->getUrl(), [
public function test_base64_images_get_extracted_from_page_content()
{
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
$this->put($page->getUrl(), [
'name' => $page->name, 'summary' => '',
$imageFile = public_path($imagePath);
$this->assertEquals(base64_decode($this->base64Jpeg), file_get_contents($imageFile));
- $this->deleteImage($imagePath);
+ $this->files->deleteAtRelativePath($imagePath);
}
public function test_base64_images_get_extracted_when_containing_whitespace()
{
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
$base64PngWithWhitespace = "iVBORw0KGg\noAAAANSUhE\tUgAAAAEAAAA BCA YAAAAfFcSJAAA\n\t ACklEQVR4nGMAAQAABQAB";
$base64PngWithoutWhitespace = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQAB';
$imageFile = public_path($imagePath);
$this->assertEquals(base64_decode($base64PngWithoutWhitespace), file_get_contents($imageFile));
- $this->deleteImage($imagePath);
+ $this->files->deleteAtRelativePath($imagePath);
}
public function test_base64_images_within_html_blanked_if_not_supported_extension_for_extract()
foreach ($extensions as $extension) {
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
$this->put($page->getUrl(), [
'name' => $page->name, 'summary' => '',
}
}
+ public function test_base64_images_within_html_blanked_if_no_image_create_permission()
+ {
+ $editor = $this->users->editor();
+ $page = $this->entities->page();
+ $this->permissions->removeUserRolePermissions($editor, ['image-create-all']);
+
+ $this->actingAs($editor)->put($page->getUrl(), [
+ 'name' => $page->name,
+ 'html' => '<p>test<img src="data:image/jpeg;base64,' . $this->base64Jpeg . '"/></p>',
+ ]);
+
+ $page->refresh();
+ $this->assertStringMatchesFormat('%A<p%A>test<img src="">%A</p>%A', $page->html);
+ }
+
+ public function test_base64_images_within_html_blanked_if_content_does_not_appear_like_an_image()
+ {
+ $page = $this->entities->page();
+
+ $imgContent = base64_encode('file://test/a/b/c');
+ $this->asEditor()->put($page->getUrl(), [
+ 'name' => $page->name,
+ 'html' => '<p>test<img src="data:image/jpeg;base64,' . $imgContent . '"/></p>',
+ ]);
+
+ $page->refresh();
+ $this->assertStringMatchesFormat('%A<p%A>test<img src="">%A</p>%A', $page->html);
+ }
+
public function test_base64_images_get_extracted_from_markdown_page_content()
{
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
$this->put($page->getUrl(), [
'name' => $page->name, 'summary' => '',
$imageFile = public_path($imagePath);
$this->assertEquals(base64_decode($this->base64Jpeg), file_get_contents($imageFile));
- $this->deleteImage($imagePath);
+ $this->files->deleteAtRelativePath($imagePath);
}
public function test_markdown_base64_extract_not_limited_by_pcre_limits()
$pcreRecursionLimit = ini_get('pcre.recursion_limit');
$this->asEditor();
- $page = Page::query()->first();
+ $page = $this->entities->page();
ini_set('pcre.backtrack_limit', '500');
ini_set('pcre.recursion_limit', '500');
- $content = str_repeat('a', 5000);
+ $content = str_repeat(base64_decode($this->base64Jpeg), 50);
$base64Content = base64_encode($content);
$this->put($page->getUrl(), [
$imageFile = public_path($imagePath);
$this->assertEquals($content, file_get_contents($imageFile));
- $this->deleteImage($imagePath);
+ $this->files->deleteAtRelativePath($imagePath);
ini_set('pcre.backtrack_limit', $pcreBacktrackLimit);
ini_set('pcre.recursion_limit', $pcreRecursionLimit);
}
public function test_base64_images_within_markdown_blanked_if_not_supported_extension_for_extract()
{
- $page = Page::query()->first();
+ $page = $this->entities->page();
$this->asEditor()->put($page->getUrl(), [
'name' => $page->name, 'summary' => '',
$this->assertStringContainsString('<img src=""', $page->refresh()->html);
}
+ public function test_base64_images_within_markdown_blanked_if_no_image_create_permission()
+ {
+ $editor = $this->users->editor();
+ $page = $this->entities->page();
+ $this->permissions->removeUserRolePermissions($editor, ['image-create-all']);
+
+ $this->actingAs($editor)->put($page->getUrl(), [
+ 'name' => $page->name,
+ 'markdown' => 'test ',
+ ]);
+
+ $this->assertStringContainsString('<img src=""', $page->refresh()->html);
+ }
+
+ public function test_base64_images_within_markdown_blanked_if_content_does_not_appear_like_an_image()
+ {
+ $page = $this->entities->page();
+
+ $imgContent = base64_encode('file://test/a/b/c');
+ $this->asEditor()->put($page->getUrl(), [
+ 'name' => $page->name,
+ 'markdown' => 'test ',
+ ]);
+
+ $page->refresh();
+ $this->assertStringContainsString('<img src=""', $page->refresh()->html);
+ }
+
public function test_nested_headers_gets_assigned_an_id()
{
- $page = Page::query()->first();
+ $page = $this->entities->page();
$content = '<table><tbody><tr><td><h5>Simple Test</h5></td></tr></tbody></table>';
$this->asEditor()->put($page->getUrl(), [
public function test_non_breaking_spaces_are_preserved()
{
- /** @var Page $page */
- $page = Page::query()->first();
+ $page = $this->entities->page();
$content = '<p> </p>';
$this->asEditor()->put($page->getUrl(), [
$this->assertStringContainsString('<p id="bkmrk-%C2%A0"> </p>', $page->refresh()->html);
}
+
+ public function test_page_save_with_many_headers_and_links_is_reasonable()
+ {
+ $page = $this->entities->page();
+
+ $content = '';
+ for ($i = 0; $i < 500; $i++) {
+ $content .= "<table><tbody><tr><td><h5 id='header-{$i}'>Simple Test</h5><a href='#header-{$i}'></a></td></tr></tbody></table>";
+ }
+
+ $time = time();
+ $this->asEditor()->put($page->getUrl(), [
+ 'name' => $page->name,
+ 'html' => $content,
+ ])->assertRedirect();
+
+ $timeElapsed = time() - $time;
+ $this->assertLessThan(3, $timeElapsed);
+ }
}
projects / bookstack / blobdiff