diff options
Diffstat (limited to 'test/html_test.exs')
| -rw-r--r-- | test/html_test.exs | 67 |
1 files changed, 38 insertions, 29 deletions
diff --git a/test/html_test.exs b/test/html_test.exs index 306ad3b3b..0a4b4ebbc 100644 --- a/test/html_test.exs +++ b/test/html_test.exs @@ -1,5 +1,5 @@ # Pleroma: A lightweight social networking server -# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/> +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.HTMLTest do @@ -21,31 +21,31 @@ defmodule Pleroma.HTMLTest do """ @html_onerror_sample """ - <img src="http://example.com/image.jpg" onerror="alert('hacked')"> + <img src="http://example.com/image.jpg" onerror="alert('hacked')"> """ @html_span_class_sample """ - <span class="animate-spin">hi</span> + <span class="animate-spin">hi</span> """ @html_span_microformats_sample """ - <span class="h-card"><a class="u-url mention">@<span>foo</span></a></span> + <span class="h-card"><a class="u-url mention">@<span>foo</span></a></span> """ @html_span_invalid_microformats_sample """ - <span class="h-card"><a class="u-url mention animate-spin">@<span>foo</span></a></span> + <span class="h-card"><a class="u-url mention animate-spin">@<span>foo</span></a></span> """ describe "StripTags scrubber" do test "works as expected" do expected = """ - this is in bold + this is in bold this is a paragraph this is a linebreak - this is a link with allowed "rel" attribute: example.com - this is a link with not allowed "rel" attribute: example.com + this is a link with allowed "rel" attribute: example.com + this is a link with not allowed "rel" attribute: example.com this is an image: - alert('hacked') + alert('hacked') """ assert expected == HTML.strip_tags(@html_sample) @@ -61,13 +61,13 @@ defmodule Pleroma.HTMLTest do describe "TwitterText scrubber" do test "normalizes HTML as expected" do expected = """ - this is in bold + this is in bold <p>this is a paragraph</p> - this is a linebreak<br /> - this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a> - this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a> - this is an image: <img src="http://example.com/image.jpg" /><br /> - alert('hacked') + this is a linebreak<br/> + this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a> + this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a> + this is an image: <img src="http://example.com/image.jpg"/><br/> + alert('hacked') """ assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.TwitterText) @@ -75,7 +75,7 @@ defmodule Pleroma.HTMLTest do test "does not allow attribute-based XSS" do expected = """ - <img src="http://example.com/image.jpg" /> + <img src="http://example.com/image.jpg"/> """ assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.TwitterText) @@ -115,13 +115,13 @@ defmodule Pleroma.HTMLTest do describe "default scrubber" do test "normalizes HTML as expected" do expected = """ - <b>this is in bold</b> + <b>this is in bold</b> <p>this is a paragraph</p> - this is a linebreak<br /> - this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a> - this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a> - this is an image: <img src="http://example.com/image.jpg" /><br /> - alert('hacked') + this is a linebreak<br/> + this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a> + this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a> + this is an image: <img src="http://example.com/image.jpg"/><br/> + alert('hacked') """ assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.Default) @@ -129,7 +129,7 @@ defmodule Pleroma.HTMLTest do test "does not allow attribute-based XSS" do expected = """ - <img src="http://example.com/image.jpg" /> + <img src="http://example.com/image.jpg"/> """ assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.Default) @@ -171,7 +171,7 @@ defmodule Pleroma.HTMLTest do {:ok, activity} = CommonAPI.post(user, %{ - "status" => + status: "I think I just found the best github repo https://github.com/komeiji-satori/Dress" }) @@ -186,7 +186,7 @@ defmodule Pleroma.HTMLTest do {:ok, activity} = CommonAPI.post(user, %{ - "status" => + status: "@#{other_user.nickname} install misskey! https://github.com/syuilo/misskey/blob/develop/docs/setup.en.md" }) @@ -203,8 +203,7 @@ defmodule Pleroma.HTMLTest do {:ok, activity} = CommonAPI.post(user, %{ - "status" => - "#cofe https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140" + status: "#cofe https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140" }) object = Object.normalize(activity) @@ -218,9 +217,9 @@ defmodule Pleroma.HTMLTest do {:ok, activity} = CommonAPI.post(user, %{ - "status" => + status: "<a href=\"https://pleroma.gov/tags/cofe\" rel=\"tag\">#cofe</a> https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140", - "content_type" => "text/html" + content_type: "text/html" }) object = Object.normalize(activity) @@ -228,5 +227,15 @@ defmodule Pleroma.HTMLTest do assert url == "https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140" end + + test "does not crash when there is an HTML entity in a link" do + user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{status: "\"http://cofe.com/?boomer=ok&foo=bar\""}) + + object = Object.normalize(activity) + + assert {:ok, nil} = HTML.extract_first_external_url(object, object.data["content"]) + end end end |