git.squeep.com Git - akkoma/blob - test/pleroma/web/activity_pub/mrf/normalize_markup_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do
   6   use Pleroma.DataCase, async: true
   7   alias Pleroma.Web.ActivityPub.MRF
   8   alias Pleroma.Web.ActivityPub.MRF.NormalizeMarkup
   9
  10   @html_sample """
  11   <b>this is in bold</b>
  12   <p>this is a paragraph</p>
  13   this is a linebreak<br />
  14   this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
  15   this is a link with not allowed "rel" attribute: <a href="http://example.com/" rel="tag noallowed">example.com</a>
  16   this is an image: <img src="http://example.com/image.jpg"><br />
  17   <script>alert('hacked')</script>
  18   <div class="wow no classes here">mean</div>
  19   <img class="hehe" src="somewhere" />
  20   """
  21
  22   @expected """
  23   <b>this is in bold</b>
  24   <p>this is a paragraph</p>
  25   this is a linebreak<br/>
  26   this is a link with allowed &quot;rel&quot; attribute: <a href="http://example.com/" rel="tag">example.com</a>
  27   this is a link with not allowed &quot;rel&quot; attribute: <a href="http://example.com/">example.com</a>
  28   this is an image: <img src="http://example.com/image.jpg"/><br/>
  29   alert(&#39;hacked&#39;)
  30   mean
  31   <img src="somewhere"/>
  32   """
  33
  34   test "it filter html tags" do
  35     message = %{"type" => "Create", "object" => %{"content" => @html_sample}}
  36
  37     assert {:ok, res} = NormalizeMarkup.filter(message)
  38     assert res["object"]["content"] == @expected
  39   end
  40
  41   test "history-aware" do
  42     message = %{
  43       "type" => "Create",
  44       "object" => %{
  45         "content" => @html_sample,
  46         "formerRepresentations" => %{"orderedItems" => [%{"content" => @html_sample}]}
  47       }
  48     }
  49
  50     assert {:ok, res} = MRF.filter_one(NormalizeMarkup, message)
  51
  52     assert %{
  53              "content" => @expected,
  54              "formerRepresentations" => %{"orderedItems" => [%{"content" => @expected}]}
  55            } = res["object"]
  56   end
  57
  58   test "works with Updates" do
  59     message = %{
  60       "type" => "Update",
  61       "object" => %{
  62         "content" => @html_sample,
  63         "formerRepresentations" => %{"orderedItems" => [%{"content" => @html_sample}]}
  64       }
  65     }
  66
  67     assert {:ok, res} = MRF.filter_one(NormalizeMarkup, message)
  68
  69     assert %{
  70              "content" => @expected,
  71              "formerRepresentations" => %{"orderedItems" => [%{"content" => @expected}]}
  72            } = res["object"]
  73   end
  74
  75   test "it skips filter if type isn't `Create` or `Update`" do
  76     message = %{"type" => "Note", "object" => %{}}
  77
  78     assert {:ok, res} = NormalizeMarkup.filter(message)
  79     assert res == message
  80   end
  81 end