Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-07-17 00:32:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
90c759e5ca
BookStack/tests/Settings/CustomHeadContentTest.php
Dan Brown ef459ca4c4
Altered the parsing of custom head to prevent htmlentities on content 
Was causing things like emjoi within script content to be somewhat
mangled. Instead we force UTF8 only parsing via XML declaration.

Added test to cover.

For #2923
2021-09-12 16:19:17 +01:00

67 lines
2.1 KiB
PHP
Raw Blame History

<?php
namespace Tests\Settings;
use BookStack\Util\CspService;
use Tests\TestCase;
class CustomHeadContentTest extends TestCase
{
public function test_configured_content_shows_on_pages()
{
$this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
$resp = $this->get('/login');
$resp->assertSee('console.log("cat")');
}
public function test_configured_content_does_not_show_on_settings_page()
{
$this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
$resp = $this->asAdmin()->get('/settings');
$resp->assertDontSee('console.log("cat")');
}
public function test_divs_in_js_preserved_in_configured_content()
{
$this->setSettings(['app-custom-head' => '<script><div id="hello">cat</div></script>']);
$resp = $this->get('/login');
$resp->assertSee('<div id="hello">cat</div>');
}
public function test_nonce_application_handles_edge_cases()
{
$mockCSP = $this->mock(CspService::class);
$mockCSP->shouldReceive('getNonce')->andReturn('abc123');
$content = trim('
<script>console.log("cat");</script>
<script type="text/html"><\script>const a = `<div></div>`<\/\script></script>
<script >const a = `<div></div>`;</script>
<script type="<script text>test">const c = `<div></div>`;</script>
<script
type="text/html"
>
const a = `<\script><\/script>`;
const b = `<script`;
</script>
<SCRIPT>const b = `↗️£`;</SCRIPT>
');
$expectedOutput = trim('
<script nonce="abc123">console.log("cat");</script>
<script type="text/html" nonce="abc123"><\script>const a = `<div></div>`<\/\script></script>
<script nonce="abc123">const a = `<div></div>`;</script>
<script type="&lt;script text&gt;test" nonce="abc123">const c = `<div></div>`;</script>
<script type="text/html" nonce="abc123">
const a = `<\script><\/script>`;
const b = `<script`;
</script>
<script nonce="abc123">const b = `↗️£`;</script>
');
$this->setSettings(['app-custom-head' => $content]);
$resp = $this->get('/login');
$resp->assertSee($expectedOutput);
}
}
Reference in New Issue View Git Blame Copy Permalink