# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do
use Pleroma.DataCase, async: true
alias Pleroma.Web.ActivityPub.MRF
alias Pleroma.Web.ActivityPub.MRF.NormalizeMarkup
@html_sample """
this is in bold
this is a paragraph
this is a linebreak
this is a link with allowed "rel" attribute: example.com
this is a link with not allowed "rel" attribute: example.com
this is an image:
mean
"""
@expected """
this is in bold
this is a paragraph
this is a linebreak
this is a link with allowed "rel" attribute: example.com
this is a link with not allowed "rel" attribute: example.com
this is an image:
alert('hacked')
mean
"""
test "it filter html tags" do
message = %{"type" => "Create", "object" => %{"content" => @html_sample}}
assert {:ok, res} = NormalizeMarkup.filter(message)
assert res["object"]["content"] == @expected
end
test "history-aware" do
message = %{
"type" => "Create",
"object" => %{
"content" => @html_sample,
"formerRepresentations" => %{"orderedItems" => [%{"content" => @html_sample}]}
}
}
assert {:ok, res} = MRF.filter_one(NormalizeMarkup, message)
assert %{
"content" => @expected,
"formerRepresentations" => %{"orderedItems" => [%{"content" => @expected}]}
} = res["object"]
end
test "works with Updates" do
message = %{
"type" => "Update",
"object" => %{
"content" => @html_sample,
"formerRepresentations" => %{"orderedItems" => [%{"content" => @html_sample}]}
}
}
assert {:ok, res} = MRF.filter_one(NormalizeMarkup, message)
assert %{
"content" => @expected,
"formerRepresentations" => %{"orderedItems" => [%{"content" => @expected}]}
} = res["object"]
end
test "it skips filter if type isn't `Create` or `Update`" do
message = %{"type" => "Note", "object" => %{}}
assert {:ok, res} = NormalizeMarkup.filter(message)
assert res == message
end
end