BookStack/tests/Settings/CustomHeadContentTest.php
Dan Brown f77236aa38
Laravel 7.x Shift (#3011)
* Apply Laravel coding style
* Shift bindings
* Shift core files
* Shift to Throwable
* Add laravel/ui dependency
* Shift Eloquent methods
* Shift config files
* Shift Laravel dependencies
* Shift cleanup
* Shift test config and references
* Applied styleci changes
* Applied fixes post shift to laravel 7

Co-authored-by: Shift <shift@laravelshift.com>
2021-10-26 22:04:18 +01:00

66 lines
2.1 KiB
PHP

<?php
namespace Tests\Settings;
use BookStack\Util\CspService;
use Tests\TestCase;
class CustomHeadContentTest extends TestCase
{
public function test_configured_content_shows_on_pages()
{
$this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
$resp = $this->get('/login');
$resp->assertSee('console.log("cat")', false);
}
public function test_configured_content_does_not_show_on_settings_page()
{
$this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
$resp = $this->asAdmin()->get('/settings');
$resp->assertDontSee('console.log("cat")', false);
}
public function test_divs_in_js_preserved_in_configured_content()
{
$this->setSettings(['app-custom-head' => '<script><div id="hello">cat</div></script>']);
$resp = $this->get('/login');
$resp->assertSee('<div id="hello">cat</div>', false);
}
public function test_nonce_application_handles_edge_cases()
{
$mockCSP = $this->mock(CspService::class);
$mockCSP->shouldReceive('getNonce')->andReturn('abc123');
$content = trim('
<script>console.log("cat");</script>
<script type="text/html"><\script>const a = `<div></div>`<\/\script></script>
<script >const a = `<div></div>`;</script>
<script type="<script text>test">const c = `<div></div>`;</script>
<script
type="text/html"
>
const a = `<\script><\/script>`;
const b = `<script`;
</script>
<SCRIPT>const b = `↗️£`;</SCRIPT>
');
$expectedOutput = trim('
<script nonce="abc123">console.log("cat");</script>
<script type="text/html" nonce="abc123"><\script>const a = `<div></div>`<\/\script></script>
<script nonce="abc123">const a = `<div></div>`;</script>
<script type="&lt;script text&gt;test" nonce="abc123">const c = `<div></div>`;</script>
<script type="text/html" nonce="abc123">
const a = `<\script><\/script>`;
const b = `<script`;
</script>
<script nonce="abc123">const b = `↗️£`;</script>
');
$this->setSettings(['app-custom-head' => $content]);
$resp = $this->get('/login');
$resp->assertSee($expectedOutput, false);
}
}