To provide a way to see the original un-pre-processed database HTML
content.
For #4310
class PageApiController extends ApiController
{
class PageApiController extends ApiController
{
- protected PageRepo $pageRepo;
-
protected $rules = [
'create' => [
'book_id' => ['required_without:chapter_id', 'integer'],
protected $rules = [
'create' => [
'book_id' => ['required_without:chapter_id', 'integer'],
- public function __construct(PageRepo $pageRepo)
- {
- $this->pageRepo = $pageRepo;
+ public function __construct(
+ protected PageRepo $pageRepo
+ ) {
{
$refreshed = $this->refresh()->unsetRelations()->load(['tags', 'createdBy', 'updatedBy', 'ownedBy']);
$refreshed->setHidden(array_diff($refreshed->getHidden(), ['html', 'markdown']));
{
$refreshed = $this->refresh()->unsetRelations()->load(['tags', 'createdBy', 'updatedBy', 'ownedBy']);
$refreshed->setHidden(array_diff($refreshed->getHidden(), ['html', 'markdown']));
+ $refreshed->setAttribute('raw_html', $refreshed->html);
$refreshed->html = (new PageContent($refreshed))->render();
return $refreshed;
$refreshed->html = (new PageContent($refreshed))->render();
return $refreshed;
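Review bot: `raw_html` is assigned from `$refreshed->html` before `PageContent::render()` replaces that attribute, so the new field returns the stored markup exactly as saved; the test added in this commit shows a `<script>` element coming back in it unchanged. Nothing on the new line or in the example responses tells an API consumer that the field is unfiltered, so a client that outputs `raw_html` in place of `html` would bring stored script content back into its pages. I would add a comment above the assignment, `// Stored content as saved, before whatever filtering and include resolution render() applies; not safe to output as HTML without sanitising.`, and state the same caveat in the API documentation for the field. The enclosing method starts outside the visible lines, so it cannot be judged from here whether every caller wants the extra attribute, which roughly doubles the content payload.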
"name": "My API Page",
"slug": "my-api-page",
"html": "<p id=\"bkmrk-my-new-api-page\">my new API page</p>",
"name": "My API Page",
"slug": "my-api-page",
"html": "<p id=\"bkmrk-my-new-api-page\">my new API page</p>",
+ "raw_html": "<p id=\"bkmrk-my-new-api-page\">my new API page</p>",
"priority": 14,
"created_at": "2020-11-28T15:01:39.000000Z",
"updated_at": "2020-11-28T15:01:39.000000Z",
"priority": 14,
"created_at": "2020-11-28T15:01:39.000000Z",
"updated_at": "2020-11-28T15:01:39.000000Z",
"chapter_id": 0,
"name": "A page written in markdown",
"slug": "a-page-written-in-markdown",
"chapter_id": 0,
"name": "A page written in markdown",
"slug": "a-page-written-in-markdown",
- "html": "<h1 id=\"bkmrk-how-this-is-built\">How this is built</h1>\r\n<p id=\"bkmrk-this-page-is-written\">This page is written in markdown. BookStack stores the page data in HTML.</p>\r\n<p id=\"bkmrk-here%27s-a-cute-pictur\">Here's a cute picture of my cat:</p>\r\n<p id=\"bkmrk-\"><a href=\"http://example.com/uploads/images/gallery/2020-04/yXSrubes.jpg\"><img src=\"http://example.com/uploads/images/gallery/2020-04/scaled-1680-/yXSrubes.jpg\" alt=\"yXSrubes.jpg\"></a></p>",
+ "html": "<h1 id=\"bkmrk-this-is-my-cool-page\">This is my cool page! With some included text</h1>",
+ "raw_html": "<h1 id=\"bkmrk-this-is-my-cool-page\">This is my cool page! {{@1#bkmrk-a}}</h1>",
"priority": 13,
"created_at": "2020-02-02T21:40:38.000000Z",
"updated_at": "2020-11-28T14:43:20.000000Z",
"priority": 13,
"created_at": "2020-02-02T21:40:38.000000Z",
"updated_at": "2020-11-28T14:43:20.000000Z",
"name": "My updated API Page",
"slug": "my-updated-api-page",
"html": "<p id=\"bkmrk-my-new-api-page---up\">my new API page - Updated</p>",
"name": "My updated API Page",
"slug": "my-updated-api-page",
"html": "<p id=\"bkmrk-my-new-api-page---up\">my new API page - Updated</p>",
+ "raw_html": "<p id=\"bkmrk-my-new-api-page---up\">my new API page - Updated</p>",
"priority": 16,
"created_at": "2020-11-28T15:10:54.000000Z",
"updated_at": "2020-11-28T15:13:03.000000Z",
"priority": 16,
"created_at": "2020-11-28T15:10:54.000000Z",
"updated_at": "2020-11-28T15:13:03.000000Z",
$this->assertStringContainsString('testing', $html);
}
$this->assertStringContainsString('testing', $html);
}
+ public function test_read_endpoint_provides_raw_html()
+ {
+ $html = "<p>testing</p><script>alert('danger')</script><h1>Hello</h1>";
+
+ $this->actingAsApiEditor();
+ $page = $this->entities->page();
+ $page->html = $html;
+ $page->save();
+
+ $resp = $this->getJson($this->baseEndpoint . "/{$page->id}");
+ $this->assertEquals($html, $resp->json('raw_html'));
+ $this->assertNotEquals($html, $resp->json('html'));
+ }
+
public function test_read_endpoint_returns_not_found()
{
$this->actingAsApiEditor();
public function test_read_endpoint_returns_not_found()
{
$this->actingAsApiEditor();
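Review bot: `assertNotEquals($html, $resp->json('html'))` in `test_read_endpoint_provides_raw_html` passes for any difference at all, such as an added `id` attribute, so it does not pin that the rendered `html` field stays filtered while `raw_html` carries the script element. This is the one test that checks both fields side by side, so I would add `$this->assertStringNotContainsString('<script', $resp->json('html'));` after it, unless the preceding test (only its last two lines are visible here) already asserts that. Without such a check, a later change that routes the raw value into `html` would still pass this test as long as the two strings differ in some way.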