bookstack/tests/Settings/CustomHeadContentTest.php

<?php

namespace Tests\Settings;

use BookStack\Util\CspService;
use Tests\TestCase;

class CustomHeadContentTest extends TestCase
{
    public function test_configured_content_shows_on_pages()
    {
        $this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
        $resp = $this->get('/login');
        $resp->assertSee('console.log("cat")', false);
    }

    public function test_content_wrapped_in_specific_html_comments()
    {
        // These comments are used to identify head content for editor injection
        $this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
        $resp = $this->get('/login');
        $resp->assertSee('<!-- Start: custom user content -->', false);
        $resp->assertSee('<!-- End: custom user content -->', false);
    }

    public function test_configured_content_does_not_show_on_settings_page()
    {
        $this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
        $resp = $this->asAdmin()->get('/settings/features');
        $resp->assertDontSee('console.log("cat")', false);
    }

    public function test_divs_in_js_preserved_in_configured_content()
    {
        $this->setSettings(['app-custom-head' => '<script><div id="hello">cat</div></script>']);
        $resp = $this->get('/login');
        $resp->assertSee('<div id="hello">cat</div>', false);
    }

    public function test_nonce_application_handles_edge_cases()
    {
        $mockCSP = $this->mock(CspService::class);
        $mockCSP->shouldReceive('getNonce')->andReturn('abc123');

        $content = trim('
<script>console.log("cat");</script>
<script type="text/html"><\script>const a = `<div></div>`<\/\script></script>
<script >const a = `<div></div>`;</script>
<script type="<script text>test">const c = `<div></div>`;</script>
<script
    type="text/html"
>
const a = `<\script><\/script>`;
const b = `<script`;
</script>
<SCRIPT>const b = `↗️£`;</SCRIPT>
        ');

        $expectedOutput = trim('
<script nonce="abc123">console.log("cat");</script>
<script type="text/html" nonce="abc123"><\script>const a = `<div></div>`<\/\script></script>
<script nonce="abc123">const a = `<div></div>`;</script>
<script type="&lt;script text&gt;test" nonce="abc123">const c = `<div></div>`;</script>
<script type="text/html" nonce="abc123">
const a = `<\script><\/script>`;
const b = `<script`;
</script>
<script nonce="abc123">const b = `↗️£`;</script>
        ');

        $this->setSettings(['app-custom-head' => $content]);
        $resp = $this->get('/login');
        $resp->assertSee($expectedOutput, false);
    }
}
Fixed issue with HTML tags in custom head scripts Fixes a strange issue of HTML tags within script tags being malformed when part of the HTML custom head content due to the PHP parsing we do. DOMDocument seemed to cause this upon load. Adding LIBXML_SCHEMA_CREATE to the ->loadHTML call seems to fix this but not really sure why. Doesn't seem to cause further issues though. Tested with multiple scripts and styles and comments and meta tags. - Also added new testing class to cover. - As part of testing, added new folder within tests to house setting specific tests. For #2914 2021-09-06 06:52:39 +08:00			`<?php`

			`namespace Tests\Settings;`

Altered the parsing of custom head to prevent htmlentities on content Was causing things like emjoi within script content to be somewhat mangled. Instead we force UTF8 only parsing via XML declaration. Added test to cover. For #2923 2021-09-12 23:19:17 +08:00			`use BookStack\Util\CspService;`
Fixed issue with HTML tags in custom head scripts Fixes a strange issue of HTML tags within script tags being malformed when part of the HTML custom head content due to the PHP parsing we do. DOMDocument seemed to cause this upon load. Adding LIBXML_SCHEMA_CREATE to the ->loadHTML call seems to fix this but not really sure why. Doesn't seem to cause further issues though. Tested with multiple scripts and styles and comments and meta tags. - Also added new testing class to cover. - As part of testing, added new folder within tests to house setting specific tests. For #2914 2021-09-06 06:52:39 +08:00			`use Tests\TestCase;`

			`class CustomHeadContentTest extends TestCase`
			`{`
			`public function test_configured_content_shows_on_pages()`
			`{`
			`$this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);`
			`$resp = $this->get('/login');`
Laravel 7.x Shift (#3011) * Apply Laravel coding style * Shift bindings * Shift core files * Shift to Throwable * Add laravel/ui dependency * Shift Eloquent methods * Shift config files * Shift Laravel dependencies * Shift cleanup * Shift test config and references * Applied styleci changes * Applied fixes post shift to laravel 7 Co-authored-by: Shift <shift@laravelshift.com> 2021-10-27 05:04:18 +08:00			`$resp->assertSee('console.log("cat")', false);`
Fixed issue with HTML tags in custom head scripts Fixes a strange issue of HTML tags within script tags being malformed when part of the HTML custom head content due to the PHP parsing we do. DOMDocument seemed to cause this upon load. Adding LIBXML_SCHEMA_CREATE to the ->loadHTML call seems to fix this but not really sure why. Doesn't seem to cause further issues though. Tested with multiple scripts and styles and comments and meta tags. - Also added new testing class to cover. - As part of testing, added new folder within tests to house setting specific tests. For #2914 2021-09-06 06:52:39 +08:00			`}`

Aligned some editor events, Changed wysiwyg custom styles loading - Removed old 'editor-*-update' commands to instead use the aligned 'editor::replace' command that we already have. - Changed the way custom styles are loaded for the WYSIWYG editor so we don't need an API call but instead scape content from the parent page header using comments as identifiers. Added tests to ensure comments exist and align. 2022-02-08 09:01:37 +08:00			`public function test_content_wrapped_in_specific_html_comments()`
			`{`
			`// These comments are used to identify head content for editor injection`
			`$this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);`
			`$resp = $this->get('/login');`
			`$resp->assertSee('<!-- Start: custom user content -->', false);`
			`$resp->assertSee('<!-- End: custom user content -->', false);`
			`}`

Fixed issue with HTML tags in custom head scripts Fixes a strange issue of HTML tags within script tags being malformed when part of the HTML custom head content due to the PHP parsing we do. DOMDocument seemed to cause this upon load. Adding LIBXML_SCHEMA_CREATE to the ->loadHTML call seems to fix this but not really sure why. Doesn't seem to cause further issues though. Tested with multiple scripts and styles and comments and meta tags. - Also added new testing class to cover. - As part of testing, added new folder within tests to house setting specific tests. For #2914 2021-09-06 06:52:39 +08:00			`public function test_configured_content_does_not_show_on_settings_page()`
			`{`
			`$this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);`
Fixed settings redirect issue and custom head display - Fixed issue where redirect for `/settings` view would not be ran through base url generator so would not create a correct path in some cases. Now routed through controller with normal redirect. - Fixed custom head content being active on settings pages due to route name changes, for when viewing settings, in last release. Fixes #3356 and #3355 2022-03-31 02:15:24 +08:00			`$resp = $this->asAdmin()->get('/settings/features');`
Laravel 7.x Shift (#3011) * Apply Laravel coding style * Shift bindings * Shift core files * Shift to Throwable * Add laravel/ui dependency * Shift Eloquent methods * Shift config files * Shift Laravel dependencies * Shift cleanup * Shift test config and references * Applied styleci changes * Applied fixes post shift to laravel 7 Co-authored-by: Shift <shift@laravelshift.com> 2021-10-27 05:04:18 +08:00			`$resp->assertDontSee('console.log("cat")', false);`
Fixed issue with HTML tags in custom head scripts Fixes a strange issue of HTML tags within script tags being malformed when part of the HTML custom head content due to the PHP parsing we do. DOMDocument seemed to cause this upon load. Adding LIBXML_SCHEMA_CREATE to the ->loadHTML call seems to fix this but not really sure why. Doesn't seem to cause further issues though. Tested with multiple scripts and styles and comments and meta tags. - Also added new testing class to cover. - As part of testing, added new folder within tests to house setting specific tests. For #2914 2021-09-06 06:52:39 +08:00			`}`

			`public function test_divs_in_js_preserved_in_configured_content()`
			`{`
			`$this->setSettings(['app-custom-head' => '<script><div id="hello">cat</div></script>']);`
			`$resp = $this->get('/login');`
Laravel 7.x Shift (#3011) * Apply Laravel coding style * Shift bindings * Shift core files * Shift to Throwable * Add laravel/ui dependency * Shift Eloquent methods * Shift config files * Shift Laravel dependencies * Shift cleanup * Shift test config and references * Applied styleci changes * Applied fixes post shift to laravel 7 Co-authored-by: Shift <shift@laravelshift.com> 2021-10-27 05:04:18 +08:00			`$resp->assertSee('<div id="hello">cat</div>', false);`
Fixed issue with HTML tags in custom head scripts Fixes a strange issue of HTML tags within script tags being malformed when part of the HTML custom head content due to the PHP parsing we do. DOMDocument seemed to cause this upon load. Adding LIBXML_SCHEMA_CREATE to the ->loadHTML call seems to fix this but not really sure why. Doesn't seem to cause further issues though. Tested with multiple scripts and styles and comments and meta tags. - Also added new testing class to cover. - As part of testing, added new folder within tests to house setting specific tests. For #2914 2021-09-06 06:52:39 +08:00			`}`
Altered the parsing of custom head to prevent htmlentities on content Was causing things like emjoi within script content to be somewhat mangled. Instead we force UTF8 only parsing via XML declaration. Added test to cover. For #2923 2021-09-12 23:19:17 +08:00
			`public function test_nonce_application_handles_edge_cases()`
			`{`
			`$mockCSP = $this->mock(CspService::class);`
			`$mockCSP->shouldReceive('getNonce')->andReturn('abc123');`

			`$content = trim('`
			`<script>console.log("cat");</script>`
			<script type="text/html"><\script>const a = `<div></div>`<\/\script></script>
			<script >const a = `<div></div>`;</script>
			<script type="<script text>test">const c = `<div></div>`;</script>
			`<script`
			`type="text/html"`
			`>`
			const a = `<\script><\/script>`;
			const b = `<script`;
			`</script>`
			<SCRIPT>const b = `↗️£`;</SCRIPT>
			`');`

			`$expectedOutput = trim('`
			`<script nonce="abc123">console.log("cat");</script>`
			<script type="text/html" nonce="abc123"><\script>const a = `<div></div>`<\/\script></script>
			<script nonce="abc123">const a = `<div></div>`;</script>
			<script type="<script text>test" nonce="abc123">const c = `<div></div>`;</script>
			`<script type="text/html" nonce="abc123">`
			const a = `<\script><\/script>`;
			const b = `<script`;
			`</script>`
			<script nonce="abc123">const b = `↗️£`;</script>
			`');`

			`$this->setSettings(['app-custom-head' => $content]);`
			`$resp = $this->get('/login');`
Laravel 7.x Shift (#3011) * Apply Laravel coding style * Shift bindings * Shift core files * Shift to Throwable * Add laravel/ui dependency * Shift Eloquent methods * Shift config files * Shift Laravel dependencies * Shift cleanup * Shift test config and references * Applied styleci changes * Applied fixes post shift to laravel 7 Co-authored-by: Shift <shift@laravelshift.com> 2021-10-27 05:04:18 +08:00			`$resp->assertSee($expectedOutput, false);`
Altered the parsing of custom head to prevent htmlentities on content Was causing things like emjoi within script content to be somewhat mangled. Instead we force UTF8 only parsing via XML declaration. Added test to cover. For #2923 2021-09-12 23:19:17 +08:00			`}`
Applied latest styleci changes 2021-09-07 05:19:06 +08:00			`}`