X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/f84bf8e883e8e5bd9a24b908e2f90a2742d36d19..refs/pull/3083/head:/tests/Entity/CommentTest.php
diff --git a/tests/Entity/CommentTest.php b/tests/Entity/CommentTest.php
index a2126407b..1e8ecbcac 100644
--- a/tests/Entity/CommentTest.php
+++ b/tests/Entity/CommentTest.php
@@ -1,19 +1,20 @@
-asAdmin();
 $page = Page::first();
- $comment = factory(Comment::class)->make(['parent_id' => 2]);
- $resp = $this->postJson("/ajax/page/$page->id/comment", $comment->getAttributes());
+ $comment = Comment::factory()->make(['parent_id' => 2]);
+ $resp = $this->postJson("/comment/$page->id", $comment->getAttributes());
 $resp->assertStatus(200);
 $resp->assertSee($comment->text);
@@ -22,11 +23,11 @@ class CommentTest extends TestCase
 $pageResp->assertSee($comment->text);
 $this->assertDatabaseHas('comments', [
- 'local_id' => 1,
- 'entity_id' => $page->id,
+ 'local_id' => 1,
+ 'entity_id' => $page->id,
 'entity_type' => Page::newModelInstance()->getMorphClass(),
- 'text' => $comment->text,
- 'parent_id' => 2
+ 'text' => $comment->text,
+ 'parent_id' => 2,
 ]);
 }
@@ -35,14 +36,13 @@ class CommentTest extends TestCase
 $this->asAdmin();
 $page = Page::first();
- $comment = factory(Comment::class)->make();
- $this->postJson("/ajax/page/$page->id/comment", $comment->getAttributes());
+ $comment = Comment::factory()->make();
+ $this->postJson("/comment/$page->id", $comment->getAttributes());
 $comment = $page->comments()->first();
 $newText = 'updated text content';
- $resp = $this->putJson("/ajax/comment/$comment->id", [
+ $resp = $this->putJson("/comment/$comment->id", [
 'text' => $newText,
- 'html' => '
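Review bot: Every request to the relocated `/comment/$page->id` route in this hunk is issued after `$this->asAdmin()`, so the updated test still only shows that an administrator can create a comment and says nothing about authorisation on the new path. The hunk is cut off at its start in this rendering (the file header and the opening of the test method are not legible), so I cannot tell whether a lower-privilege case exists elsewhere in the file; if it does not, add a companion case that sends the same payload as a user without comment-creation permission and asserts a non-200 status, e.g. `$this->actingAs($user)->postJson("/comment/$page->id", $comment->getAttributes())->assertStatus(403);` with `$user` being such a user.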

'.$newText.'

',
 ]);
 $resp->assertStatus(200);
@@ -50,8 +50,8 @@ class CommentTest extends TestCase
 $resp->assertDontSee($comment->text);
 $this->assertDatabaseHas('comments', [
- 'text' => $newText,
- 'entity_id' => $page->id
+ 'text' => $newText,
+ 'entity_id' => $page->id,
 ]);
 }
@@ -60,16 +60,58 @@ class CommentTest extends TestCase
 $this->asAdmin();
 $page = Page::first();
- $comment = factory(Comment::class)->make();
- $this->postJson("/ajax/page/$page->id/comment", $comment->getAttributes());
+ $comment = Comment::factory()->make();
+ $this->postJson("/comment/$page->id", $comment->getAttributes());
 $comment = $page->comments()->first();
- $resp = $this->delete("/ajax/comment/$comment->id");
+ $resp = $this->delete("/comment/$comment->id");
 $resp->assertStatus(200);
 $this->assertDatabaseMissing('comments', [
- 'id' => $comment->id
+ 'id' => $comment->id,
+ ]);
+ }
+
+ public function test_comments_converts_markdown_input_to_html()
+ {
+ $page = Page::first();
+ $this->asAdmin()->postJson("/comment/$page->id", [
+ 'text' => '# My Title',
+ ]);
+
+ $this->assertDatabaseHas('comments', [
+ 'entity_id' => $page->id,
+ 'entity_type' => $page->getMorphClass(),
+ 'text' => '# My Title',
+ 'html' => "
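Review bot: The removed `'html' => '…'` entry (only partially legible in this rendering) shows the update test used to send client-supplied HTML alongside `text`; the new request sends `text` only, which is the right direction, but nothing now asserts that an `html` field supplied by a client is ignored rather than stored. The `assertDatabaseHas` that follows checks only `text` and `entity_id`, so a server that still persisted client HTML would pass. Consider a second request, `$this->putJson("/comment/$comment->id", ['text' => $newText, 'html' => '<b>client</b>']);`, followed by `$this->assertDatabaseMissing('comments', ['html' => '<b>client</b>']);`, on the assumption that the controller is meant to derive `html` from `text` itself (the markdown conversion test added later in this file suggests it does).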

My Title

\n", ]);
+
+ $pageView = $this->get($page->getUrl());
+ $pageView->assertSee('

My Title

', false);
+ }
+
+ public function test_html_cannot_be_injected_via_comment_content()
+ {
+ $this->asAdmin();
+ $page = Page::first();
+
+ $script = '\n\n# sometextinthecomment';
+ $this->postJson("/comment/$page->id", [
+ 'text' => $script,
+ ]);
+
+ $pageView = $this->get($page->getUrl());
+ $pageView->assertDontSee($script, false);
+ $pageView->assertSee('sometextinthecomment');
+
+ $comment = $page->comments()->first();
+ $this->putJson("/comment/$comment->id", [
+ 'text' => $script . 'updated',
+ ]);
+
+ $pageView = $this->get($page->getUrl());
+ $pageView->assertDontSee($script, false);
+ $pageView->assertSee('sometextinthecommentupdated');
 }
 }
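Review bot: In `test_html_cannot_be_injected_via_comment_content`, `$script = '\n\n# sometextinthecomment';` is a single-quoted literal, so `\n` is stored as a backslash followed by `n` rather than a newline; the markdown heading therefore never starts on its own line and the test does not exercise the layout a real comment would have, where injected markup is followed by a blank line and block-level markdown (the leading part of the literal is not legible in this rendering). Switch to a double-quoted literal, `$script = "…\n\n# sometextinthecomment";`, so the escapes are interpreted. Separately, `assertDontSee($script, false)` only proves the exact payload string is absent from the page: a sanitizer that rewrote the tag (case, attribute order, whitespace) but still emitted executable markup would pass, so also assert what should be present instead — the entity-escaped form of the payload, or an `assertDontSee` on the bare tag opener — so the test pins how the input was neutralised rather than that one byte sequence vanished.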