entities->page(); $secondPage = $this->entities->page(); $secondPage->html = "
Hello, This is a test
This is a second block of content
"; $secondPage->save(); $this->asEditor(); $pageContent = $this->get($page->getUrl()); $pageContent->assertDontSee('Hello, This is a test'); $originalHtml = $page->html; $page->html .= "{{@{$secondPage->id}}}"; $page->save(); $pageContent = $this->get($page->getUrl()); $pageContent->assertSee('Hello, This is a test'); $pageContent->assertSee('This is a second block of content'); $page->html = $originalHtml . " Well {{@{$secondPage->id}#section2}}"; $page->save(); $pageContent = $this->get($page->getUrl()); $pageContent->assertDontSee('Hello, This is a test'); $pageContent->assertSee('Well This is a second block of content'); } public function test_saving_page_with_includes() { $page = $this->entities->page(); $secondPage = $this->entities->page(); $this->asEditor(); $includeTag = '{{@' . $secondPage->id . '}}'; $page->html = '' . $includeTag . '
'; $resp = $this->put($page->getUrl(), ['name' => $page->name, 'html' => $page->html, 'summary' => '']); $resp->assertStatus(302); $page = Page::find($page->id); $this->assertStringContainsString($includeTag, $page->html); $this->assertEquals('', $page->text); } public function test_page_includes_do_not_break_tables() { $page = $this->entities->page(); $secondPage = $this->entities->page(); $content = 'test |
var cat = null;
';
$secondPage->html = $content;
$secondPage->save();
$page->html = "{{@{$secondPage->id}#bkmrk-code}}";
$page->save();
$pageResp = $this->asEditor()->get($page->getUrl());
$pageResp->assertSee($content, false);
}
public function test_page_includes_rendered_on_book_export()
{
$page = $this->entities->page();
$secondPage = Page::query()
->where('book_id', '!=', $page->book_id)
->first();
$content = 'my cat is awesome and scratchy
'; $secondPage->html = $content; $secondPage->save(); $page->html = "{{@{$secondPage->id}#bkmrk-meow}}"; $page->save(); $this->asEditor(); $htmlContent = $this->get($page->book->getUrl('/export/html')); $htmlContent->assertSee('my cat is awesome and scratchy'); } public function test_page_includes_can_be_nested_up_to_three_times() { $page = $this->entities->page(); $tag = "{{@{$page->id}#bkmrk-test}}"; $page->html = 'Hello Barry ' . $tag . '
'; $page->save(); $pageResp = $this->asEditor()->get($page->getUrl()); $this->withHtml($pageResp)->assertElementContains('#bkmrk-test', 'Hello Barry Hello Barry Hello Barry Hello Barry ' . $tag); $this->withHtml($pageResp)->assertElementNotContains('#bkmrk-test', 'Hello Barry Hello Barry Hello Barry Hello Barry Hello Barry ' . $tag); } public function test_page_content_scripts_removed_by_default() { $this->asEditor(); $page = $this->entities->page(); $script = 'abc123abc123'; $page->html = "escape {$script}"; $page->save(); $pageView = $this->get($page->getUrl()); $pageView->assertStatus(200); $pageView->assertDontSee($script, false); $pageView->assertSee('abc123abc123'); } public function test_more_complex_content_script_escaping_scenarios() { $checks = [ "Some script
", "Some script
Some script
", "Some script
", "Some script
", "Some script
", ]; $this->asEditor(); $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; $page->save(); $pageView = $this->get($page->getUrl()); $pageView->assertStatus(200); $this->withHtml($pageView)->assertElementNotContains('.page-content', ''); } } public function test_js_and_base64_src_urls_are_removed() { $checks = [ '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', ]; $this->asEditor(); $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; $page->save(); $pageView = $this->get($page->getUrl()); $pageView->assertStatus(200); $html = $this->withHtml($pageView); $html->assertElementNotContains('.page-content', ''); $html->assertElementNotContains('.page-content', 'src='); $html->assertElementNotContains('.page-content', 'javascript:'); $html->assertElementNotContains('.page-content', 'data:'); $html->assertElementNotContains('.page-content', 'base64'); } } public function test_javascript_uri_links_are_removed() { $checks = [ 'withHtml($pageView)->assertElementNotContains('.page-content', 'href=javascript:'); } } public function test_form_actions_with_javascript_are_removed() { $checks = [ '', '', '', '', '', ]; $this->asEditor(); $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; $page->save(); $pageView = $this->get($page->getUrl()); $pageView->assertStatus(200); $this->withHtml($pageView)->assertElementNotContains('.page-content', '