Fixed content parsing break with line html comment

Fixes issues thrown in custom HMTL head & page content filtering when
the content is comprised of only a single HTML comment.
Adds tests to cover.

For #2804
This commit is contained in:
Dan Brown 2021-06-13 12:53:04 +01:00
parent a8471b2c66
commit b5caaa73b7
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
4 changed files with 73 additions and 42 deletions

View file

@ -332,7 +332,7 @@ class PageContent
protected function fetchSectionOfPage(Page $page, string $sectionId): string
{
$topLevelTags = ['table', 'ul', 'ol'];
$doc = $this->loadDocumentFromHtml('<body>' . $page->html . '</body>');
$doc = $this->loadDocumentFromHtml($page->html);
// Search included content for the id given and blank out if not exists.
$matchingElem = $doc->getElementById($sectionId);
@ -363,6 +363,7 @@ class PageContent
{
libxml_use_internal_errors(true);
$doc = new DOMDocument();
$html = '<body>' . $html . '</body>';
$doc->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'));
return $doc;
}

View file

@ -1,7 +1,6 @@
<?php namespace BookStack\Util;
use DOMDocument;
use DOMNode;
use DOMNodeList;
use DOMXPath;
@ -16,6 +15,7 @@ class HtmlContentFilter
return $html;
}
$html = '<body>' . $html . '</body>';
libxml_use_internal_errors(true);
$doc = new DOMDocument();
$doc->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'));
@ -61,11 +61,10 @@ class HtmlContentFilter
/**
* Removed all of the given DOMNodes.
*/
static protected function removeNodes(DOMNodeList $nodes): void
protected static function removeNodes(DOMNodeList $nodes): void
{
foreach ($nodes as $node) {
$node->parentNode->removeChild($node);
}
}
}
}

View file

@ -12,7 +12,7 @@ class ExportTest extends TestCase
public function test_page_text_export()
{
$page = Page::first();
$page = Page::query()->first();
$this->asEditor();
$resp = $this->get($page->getUrl('/export/plaintext'));
@ -23,7 +23,7 @@ class ExportTest extends TestCase
public function test_page_pdf_export()
{
$page = Page::first();
$page = Page::query()->first();
$this->asEditor();
$resp = $this->get($page->getUrl('/export/pdf'));
@ -33,7 +33,7 @@ class ExportTest extends TestCase
public function test_page_html_export()
{
$page = Page::first();
$page = Page::query()->first();
$this->asEditor();
$resp = $this->get($page->getUrl('/export/html'));
@ -44,7 +44,7 @@ class ExportTest extends TestCase
public function test_book_text_export()
{
$page = Page::first();
$page = Page::query()->first();
$book = $page->book;
$this->asEditor();
@ -57,7 +57,7 @@ class ExportTest extends TestCase
public function test_book_pdf_export()
{
$page = Page::first();
$page = Page::query()->first();
$book = $page->book;
$this->asEditor();
@ -68,7 +68,7 @@ class ExportTest extends TestCase
public function test_book_html_export()
{
$page = Page::first();
$page = Page::query()->first();
$book = $page->book;
$this->asEditor();
@ -95,7 +95,7 @@ class ExportTest extends TestCase
public function test_chapter_text_export()
{
$chapter = Chapter::first();
$chapter = Chapter::query()->first();
$page = $chapter->pages[0];
$this->asEditor();
@ -108,7 +108,7 @@ class ExportTest extends TestCase
public function test_chapter_pdf_export()
{
$chapter = Chapter::first();
$chapter = Chapter::query()->first();
$this->asEditor();
$resp = $this->get($chapter->getUrl('/export/pdf'));
@ -118,7 +118,7 @@ class ExportTest extends TestCase
public function test_chapter_html_export()
{
$chapter = Chapter::first();
$chapter = Chapter::query()->first();
$page = $chapter->pages[0];
$this->asEditor();
@ -131,7 +131,7 @@ class ExportTest extends TestCase
public function test_page_html_export_contains_custom_head_if_set()
{
$page = Page::first();
$page = Page::query()->first();
$customHeadContent = "<style>p{color: red;}</style>";
$this->setSettings(['app-custom-head' => $customHeadContent]);
@ -140,9 +140,21 @@ class ExportTest extends TestCase
$resp->assertSee($customHeadContent);
}
public function test_page_html_export_does_not_break_with_only_comments_in_custom_head()
{
$page = Page::query()->first();
$customHeadContent = "<!-- A comment -->";
$this->setSettings(['app-custom-head' => $customHeadContent]);
$resp = $this->asEditor()->get($page->getUrl('/export/html'));
$resp->assertStatus(200);
$resp->assertSee($customHeadContent);
}
public function test_page_html_export_use_absolute_dates()
{
$page = Page::first();
$page = Page::query()->first();
$resp = $this->asEditor()->get($page->getUrl('/export/html'));
$resp->assertSee($page->created_at->formatLocalized('%e %B %Y %H:%M:%S'));
@ -153,7 +165,7 @@ class ExportTest extends TestCase
public function test_page_export_does_not_include_user_or_revision_links()
{
$page = Page::first();
$page = Page::query()->first();
$resp = $this->asEditor()->get($page->getUrl('/export/html'));
$resp->assertDontSee($page->getUrl('/revisions'));
@ -163,7 +175,7 @@ class ExportTest extends TestCase
public function test_page_export_sets_right_data_type_for_svg_embeds()
{
$page = Page::first();
$page = Page::query()->first();
Storage::disk('local')->makeDirectory('uploads/images/gallery');
Storage::disk('local')->put('uploads/images/gallery/svg_test.svg', '<svg></svg>');
$page->html = '<img src="http://localhost/uploads/images/gallery/svg_test.svg">';
@ -179,7 +191,7 @@ class ExportTest extends TestCase
public function test_page_image_containment_works_on_multiple_images_within_a_single_line()
{
$page = Page::first();
$page = Page::query()->first();
Storage::disk('local')->makeDirectory('uploads/images/gallery');
Storage::disk('local')->put('uploads/images/gallery/svg_test.svg', '<svg></svg>');
Storage::disk('local')->put('uploads/images/gallery/svg_test2.svg', '<svg></svg>');
@ -195,7 +207,7 @@ class ExportTest extends TestCase
public function test_page_export_contained_html_image_fetches_only_run_when_url_points_to_image_upload_folder()
{
$page = Page::first();
$page = Page::query()->first();
$page->html = '<img src="http://localhost/uploads/images/gallery/svg_test.svg"/>'
.'<img src="http://localhost/uploads/svg_test.svg"/>'
.'<img src="/uploads/svg_test.svg"/>';
@ -233,7 +245,7 @@ class ExportTest extends TestCase
public function test_page_export_with_deleted_creator_and_updater()
{
$user = $this->getViewer(['name' => 'ExportWizardTheFifth']);
$page = Page::first();
$page = Page::query()->first();
$page->created_by = $user->id;
$page->updated_by = $user->id;
$page->save();

View file

@ -13,8 +13,8 @@ class PageContentTest extends TestCase
public function test_page_includes()
{
$page = Page::first();
$secondPage = Page::where('id', '!=', $page->id)->first();
$page = Page::query()->first();
$secondPage = Page::query()->where('id', '!=', $page->id)->first();
$secondPage->html = "<p id='section1'>Hello, This is a test</p><p id='section2'>This is a second block of content</p>";
$secondPage->save();
@ -42,8 +42,8 @@ class PageContentTest extends TestCase
public function test_saving_page_with_includes()
{
$page = Page::first();
$secondPage = Page::where('id', '!=', $page->id)->first();
$page = Page::query()->first();
$secondPage = Page::query()->where('id', '!=', $page->id)->first();
$this->asEditor();
$includeTag = '{{@' . $secondPage->id . '}}';
@ -60,8 +60,8 @@ class PageContentTest extends TestCase
public function test_page_includes_do_not_break_tables()
{
$page = Page::first();
$secondPage = Page::where('id', '!=', $page->id)->first();
$page = Page::query()->first();
$secondPage = Page::query()->where('id', '!=', $page->id)->first();
$content = '<table id="table"><tbody><tr><td>test</td></tr></tbody></table>';
$secondPage->html = $content;
@ -97,7 +97,7 @@ class PageContentTest extends TestCase
public function test_page_content_scripts_removed_by_default()
{
$this->asEditor();
$page = Page::first();
$page = Page::query()->first();
$script = 'abc123<script>console.log("hello-test")</script>abc123';
$page->html = "escape {$script}";
$page->save();
@ -120,7 +120,7 @@ class PageContentTest extends TestCase
];
$this->asEditor();
$page = Page::first();
$page = Page::query()->first();
foreach ($checks as $check) {
$page->html = $check;
@ -145,7 +145,7 @@ class PageContentTest extends TestCase
];
$this->asEditor();
$page = Page::first();
$page = Page::query()->first();
foreach ($checks as $check) {
$page->html = $check;
@ -171,7 +171,7 @@ class PageContentTest extends TestCase
];
$this->asEditor();
$page = Page::first();
$page = Page::query()->first();
foreach ($checks as $check) {
$page->html = $check;
@ -192,7 +192,7 @@ class PageContentTest extends TestCase
];
$this->asEditor();
$page = Page::first();
$page = Page::query()->first();
foreach ($checks as $check) {
$page->html = $check;
@ -215,7 +215,7 @@ class PageContentTest extends TestCase
];
$this->asEditor();
$page = Page::first();
$page = Page::query()->first();
foreach ($checks as $check) {
$page->html = $check;
@ -232,7 +232,7 @@ class PageContentTest extends TestCase
public function test_page_inline_on_attributes_removed_by_default()
{
$this->asEditor();
$page = Page::first();
$page = Page::query()->first();
$script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
$page->html = "escape {$script}";
$page->save();
@ -255,7 +255,7 @@ class PageContentTest extends TestCase
];
$this->asEditor();
$page = Page::first();
$page = Page::query()->first();
foreach ($checks as $check) {
$page->html = $check;
@ -271,7 +271,7 @@ class PageContentTest extends TestCase
public function test_page_content_scripts_show_when_configured()
{
$this->asEditor();
$page = Page::first();
$page = Page::query()->first();
config()->push('app.allow_content_scripts', 'true');
$script = 'abc123<script>console.log("hello-test")</script>abc123';
@ -286,7 +286,7 @@ class PageContentTest extends TestCase
public function test_page_inline_on_attributes_show_if_configured()
{
$this->asEditor();
$page = Page::first();
$page = Page::query()->first();
config()->push('app.allow_content_scripts', 'true');
$script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
@ -301,7 +301,7 @@ class PageContentTest extends TestCase
public function test_duplicate_ids_does_not_break_page_render()
{
$this->asEditor();
$pageA = Page::first();
$pageA = Page::query()->first();
$pageB = Page::query()->where('id', '!=', $pageA->id)->first();
$content = '<ul id="bkmrk-xxx-%28"></ul> <ul id="bkmrk-xxx-%28"></ul>';
@ -318,7 +318,7 @@ class PageContentTest extends TestCase
public function test_duplicate_ids_fixed_on_page_save()
{
$this->asEditor();
$page = Page::first();
$page = Page::query()->first();
$content = '<ul id="bkmrk-test"><li>test a</li><li><ul id="bkmrk-test"><li>test b</li></ul></li></ul>';
$pageSave = $this->put($page->getUrl(), [
@ -328,14 +328,14 @@ class PageContentTest extends TestCase
]);
$pageSave->assertRedirect();
$updatedPage = Page::where('id', '=', $page->id)->first();
$updatedPage = Page::query()->where('id', '=', $page->id)->first();
$this->assertEquals(substr_count($updatedPage->html, "bkmrk-test\""), 1);
}
public function test_anchors_referencing_non_bkmrk_ids_rewritten_after_save()
{
$this->asEditor();
$page = Page::first();
$page = Page::query()->first();
$content = '<h1 id="non-standard-id">test</h1><p><a href="#non-standard-id">link</a></p>';
$this->put($page->getUrl(), [
@ -344,7 +344,7 @@ class PageContentTest extends TestCase
'summary' => ''
]);
$updatedPage = Page::where('id', '=', $page->id)->first();
$updatedPage = Page::query()->where('id', '=', $page->id)->first();
$this->assertStringContainsString('id="bkmrk-test"', $updatedPage->html);
$this->assertStringContainsString('href="#bkmrk-test"', $updatedPage->html);
}
@ -484,6 +484,25 @@ class PageContentTest extends TestCase
$pageView->assertElementExists('.page-content p > s');
}
public function test_page_markdown_single_html_comment_saving()
{
$this->asEditor();
$page = Page::query()->first();
$content = '<!-- Test Comment -->';
$this->put($page->getUrl(), [
'name' => $page->name, 'markdown' => $content,
'html' => '', 'summary' => ''
]);
$page->refresh();
$this->assertStringMatchesFormat($content, $page->html);
$pageView = $this->get($page->getUrl());
$pageView->assertStatus(200);
$pageView->assertSee($content);
}
public function test_base64_images_get_extracted_from_page_content()
{
$this->asEditor();