X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;ds=inline;f=test%2Fhtml_test.exs;h=0a4b4ebbcbf23e2d87fb15e633f03df406327a58;hb=697cf920249b4f67bcc49aa923374d5fdc20809b;hp=306ad3b3b061a52738ae8ac6350ba0381c36affa;hpb=c1e011624d33052d4d473ebfb4e0c1ff7d2327dd;p=akkoma
diff --git a/test/html_test.exs b/test/html_test.exs
index 306ad3b3b..0a4b4ebbc 100644
--- a/test/html_test.exs
+++ b/test/html_test.exs
@@ -1,5 +1,5 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2020 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.HTMLTest do
@@ -21,31 +21,31 @@ defmodule Pleroma.HTMLTest do
"""
@html_onerror_sample """
-
+
"""
@html_span_class_sample """
- hi
+ hi
"""
@html_span_microformats_sample """
- @foo
+ @foo
"""
@html_span_invalid_microformats_sample """
- @foo
+ @foo
"""
describe "StripTags scrubber" do
test "works as expected" do
expected = """
- this is in bold
+ this is in bold
this is a paragraph
this is a linebreak
- this is a link with allowed "rel" attribute: example.com
- this is a link with not allowed "rel" attribute: example.com
+ this is a link with allowed "rel" attribute: example.com
+ this is a link with not allowed "rel" attribute: example.com
this is an image:
- alert('hacked')
+ alert('hacked')
"""
assert expected == HTML.strip_tags(@html_sample)
@@ -61,13 +61,13 @@ defmodule Pleroma.HTMLTest do
describe "TwitterText scrubber" do
test "normalizes HTML as expected" do
expected = """
- this is in bold
+ this is in bold
this is a paragraph
- this is a linebreak
- this is a link with allowed "rel" attribute: example.com
- this is a link with not allowed "rel" attribute: example.com
- this is an image:
- alert('hacked')
+ this is a linebreak
+ this is a link with allowed "rel" attribute: example.com
+ this is a link with not allowed "rel" attribute: example.com
+ this is an image:
+ alert('hacked')
"""
assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.TwitterText)
@@ -75,7 +75,7 @@ defmodule Pleroma.HTMLTest do
test "does not allow attribute-based XSS" do
expected = """
-
+
"""
assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.TwitterText)
@@ -115,13 +115,13 @@ defmodule Pleroma.HTMLTest do
describe "default scrubber" do
test "normalizes HTML as expected" do
expected = """
- this is in bold
+ this is in bold
this is a paragraph
- this is a linebreak
- this is a link with allowed "rel" attribute: example.com
- this is a link with not allowed "rel" attribute: example.com
- this is an image:
- alert('hacked')
+ this is a linebreak
+ this is a link with allowed "rel" attribute: example.com
+ this is a link with not allowed "rel" attribute: example.com
+ this is an image:
+ alert('hacked')
"""
assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.Default)
@@ -129,7 +129,7 @@ defmodule Pleroma.HTMLTest do
test "does not allow attribute-based XSS" do
expected = """
-
+
"""
assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.Default)
@@ -171,7 +171,7 @@ defmodule Pleroma.HTMLTest do
{:ok, activity} =
CommonAPI.post(user, %{
- "status" =>
+ status:
"I think I just found the best github repo https://github.com/komeiji-satori/Dress"
})
@@ -186,7 +186,7 @@ defmodule Pleroma.HTMLTest do
{:ok, activity} =
CommonAPI.post(user, %{
- "status" =>
+ status:
"@#{other_user.nickname} install misskey! https://github.com/syuilo/misskey/blob/develop/docs/setup.en.md"
})
@@ -203,8 +203,7 @@ defmodule Pleroma.HTMLTest do
{:ok, activity} =
CommonAPI.post(user, %{
- "status" =>
- "#cofe https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140"
+ status: "#cofe https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140"
})
object = Object.normalize(activity)
@@ -218,9 +217,9 @@ defmodule Pleroma.HTMLTest do
{:ok, activity} =
CommonAPI.post(user, %{
- "status" =>
+ status:
"#cofe https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140",
- "content_type" => "text/html"
+ content_type: "text/html"
})
object = Object.normalize(activity)
@@ -228,5 +227,15 @@ defmodule Pleroma.HTMLTest do
assert url == "https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140"
end
+
+ test "does not crash when there is an HTML entity in a link" do
+ user = insert(:user)
+
+ {:ok, activity} = CommonAPI.post(user, %{status: "\"http://cofe.com/?boomer=ok&foo=bar\""})
+
+ object = Object.normalize(activity)
+
+ assert {:ok, nil} = HTML.extract_first_external_url(object, object.data["content"])
+ end
end
end