mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-01 01:36:00 -04:00
f77236aa38
* Apply Laravel coding style * Shift bindings * Shift core files * Shift to Throwable * Add laravel/ui dependency * Shift Eloquent methods * Shift config files * Shift Laravel dependencies * Shift cleanup * Shift test config and references * Applied styleci changes * Applied fixes post shift to laravel 7 Co-authored-by: Shift <shift@laravelshift.com>
67 lines
2.1 KiB
PHP
67 lines
2.1 KiB
PHP
<?php
|
|
|
|
namespace Tests\Settings;
|
|
|
|
use BookStack\Util\CspService;
|
|
use Tests\TestCase;
|
|
|
|
class CustomHeadContentTest extends TestCase
|
|
{
|
|
public function test_configured_content_shows_on_pages()
|
|
{
|
|
$this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
|
|
$resp = $this->get('/login');
|
|
$resp->assertSee('console.log("cat")', false);
|
|
}
|
|
|
|
public function test_configured_content_does_not_show_on_settings_page()
|
|
{
|
|
$this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
|
|
$resp = $this->asAdmin()->get('/settings');
|
|
$resp->assertDontSee('console.log("cat")', false);
|
|
}
|
|
|
|
public function test_divs_in_js_preserved_in_configured_content()
|
|
{
|
|
$this->setSettings(['app-custom-head' => '<script><div id="hello">cat</div></script>']);
|
|
$resp = $this->get('/login');
|
|
$resp->assertSee('<div id="hello">cat</div>', false);
|
|
}
|
|
|
|
public function test_nonce_application_handles_edge_cases()
|
|
{
|
|
$mockCSP = $this->mock(CspService::class);
|
|
$mockCSP->shouldReceive('getNonce')->andReturn('abc123');
|
|
|
|
$content = trim('
|
|
<script>console.log("cat");</script>
|
|
<script type="text/html"><\script>const a = `<div></div>`<\/\script></script>
|
|
<script >const a = `<div></div>`;</script>
|
|
<script type="<script text>test">const c = `<div></div>`;</script>
|
|
<script
|
|
type="text/html"
|
|
>
|
|
const a = `<\script><\/script>`;
|
|
const b = `<script`;
|
|
</script>
|
|
<SCRIPT>const b = `↗️£`;</SCRIPT>
|
|
');
|
|
|
|
$expectedOutput = trim('
|
|
<script nonce="abc123">console.log("cat");</script>
|
|
<script type="text/html" nonce="abc123"><\script>const a = `<div></div>`<\/\script></script>
|
|
<script nonce="abc123">const a = `<div></div>`;</script>
|
|
<script type="<script text>test" nonce="abc123">const c = `<div></div>`;</script>
|
|
<script type="text/html" nonce="abc123">
|
|
const a = `<\script><\/script>`;
|
|
const b = `<script`;
|
|
</script>
|
|
<script nonce="abc123">const b = `↗️£`;</script>
|
|
');
|
|
|
|
$this->setSettings(['app-custom-head' => $content]);
|
|
$resp = $this->get('/login');
|
|
$resp->assertSee($expectedOutput, false);
|
|
}
|
|
}
|