X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fhtml_test.exs;h=c918dbe203156a9bac79d251b94d9ab5b95c9ce7;hb=4f004ab92e6d824140e1f87155c3f91a6eedcb09;hp=64513980b0bb48fb57ec375646d968cef70a86b0;hpb=135c19676994defd6de729a497af5fb1f9c7b0ad;p=akkoma diff --git a/test/html_test.exs b/test/html_test.exs index 64513980b..c918dbe20 100644 --- a/test/html_test.exs +++ b/test/html_test.exs @@ -1,5 +1,5 @@ # Pleroma: A lightweight social networking server -# Copyright © 2017-2018 Pleroma Authors +# Copyright © 2017-2019 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.HTMLTest do @@ -21,31 +21,31 @@ defmodule Pleroma.HTMLTest do """ @html_onerror_sample """ - + """ @html_span_class_sample """ - hi + hi """ @html_span_microformats_sample """ - @foo + @foo """ @html_span_invalid_microformats_sample """ - @foo + @foo """ describe "StripTags scrubber" do test "works as expected" do expected = """ - this is in bold + this is in bold this is a paragraph this is a linebreak - this is a link with allowed "rel" attribute: example.com - this is a link with not allowed "rel" attribute: example.com + this is a link with allowed "rel" attribute: example.com + this is a link with not allowed "rel" attribute: example.com this is an image: - alert('hacked') + alert('hacked') """ assert expected == HTML.strip_tags(@html_sample) @@ -61,13 +61,13 @@ defmodule Pleroma.HTMLTest do describe "TwitterText scrubber" do test "normalizes HTML as expected" do expected = """ - this is in bold + this is in bold

this is a paragraph

- this is a linebreak
- this is a link with allowed "rel" attribute: - this is a link with not allowed "rel" attribute: example.com - this is an image:
- alert('hacked') + this is a linebreak
+ this is a link with allowed "rel" attribute: + this is a link with not allowed "rel" attribute: example.com + this is an image:
+ alert('hacked') """ assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.TwitterText) @@ -75,7 +75,7 @@ defmodule Pleroma.HTMLTest do test "does not allow attribute-based XSS" do expected = """ - + """ assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.TwitterText) @@ -115,13 +115,13 @@ defmodule Pleroma.HTMLTest do describe "default scrubber" do test "normalizes HTML as expected" do expected = """ - this is in bold + this is in bold

this is a paragraph

- this is a linebreak
- this is a link with allowed "rel" attribute: - this is a link with not allowed "rel" attribute: example.com - this is an image:
- alert('hacked') + this is a linebreak
+ this is a link with allowed "rel" attribute: + this is a link with not allowed "rel" attribute: example.com + this is an image:
+ alert('hacked') """ assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.Default) @@ -129,7 +129,7 @@ defmodule Pleroma.HTMLTest do test "does not allow attribute-based XSS" do expected = """ - + """ assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.Default) @@ -212,5 +212,32 @@ defmodule Pleroma.HTMLTest do assert url == "https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140" end + + test "skips microformats hashtags" do + user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => + "#cofe https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140", + "content_type" => "text/html" + }) + + object = Object.normalize(activity) + {:ok, url} = HTML.extract_first_external_url(object, object.data["content"]) + + assert url == "https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140" + end + + test "does not crash when there is an HTML entity in a link" do + user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "\"http://cofe.com/?boomer=ok&foo=bar\""}) + + object = Object.normalize(activity) + + assert {:ok, nil} = HTML.extract_first_external_url(object, object.data["content"]) + end end end