diff options
author | kaniini <ariadne@dereferenced.org> | 2019-11-03 16:18:19 +0000 |
---|---|---|
committer | kaniini <ariadne@dereferenced.org> | 2019-11-03 16:18:19 +0000 |
commit | 61bcd4595fa61bd79a7bcb553968df9fc8306499 (patch) | |
tree | c1ac1eba2dc4a942e1d4a0e43aaf69e9db33a28c /test/web | |
parent | 9d8da9ea1501203662e08b6814ac324415653f3e (diff) | |
parent | 55ef88ef95ecda94ea416bd3a8492f992488ea83 (diff) | |
download | pleroma-61bcd4595fa61bd79a7bcb553968df9fc8306499.tar.gz pleroma-61bcd4595fa61bd79a7bcb553968df9fc8306499.zip |
Merge branch 'feature/fast_sanitize' into 'develop'
Switching to FastSanitize
See merge request pleroma/pleroma!1916
Diffstat (limited to 'test/web')
-rw-r--r-- | test/web/activity_pub/mrf/normalize_markup_test.exs | 10 | ||||
-rw-r--r-- | test/web/common_api/common_api_test.exs | 4 | ||||
-rw-r--r-- | test/web/mastodon_api/views/status_view_test.exs | 9 |
3 files changed, 12 insertions, 11 deletions
diff --git a/test/web/activity_pub/mrf/normalize_markup_test.exs b/test/web/activity_pub/mrf/normalize_markup_test.exs index 3916a1f35..0207be56b 100644 --- a/test/web/activity_pub/mrf/normalize_markup_test.exs +++ b/test/web/activity_pub/mrf/normalize_markup_test.exs @@ -20,11 +20,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do expected = """ <b>this is in bold</b> <p>this is a paragraph</p> - this is a linebreak<br /> - this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a> - this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a> - this is an image: <img src="http://example.com/image.jpg" /><br /> - alert('hacked') + this is a linebreak<br/> + this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a> + this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a> + this is an image: <img src="http://example.com/image.jpg"/><br/> + alert('hacked') """ message = %{"type" => "Create", "object" => %{"content" => @html_sample}} diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 1d2f20617..212b00cbb 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -140,7 +140,7 @@ defmodule Pleroma.Web.CommonAPITest do object = Object.normalize(activity) - assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')" + assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')" end test "it filters out obviously bad tags when accepting a post as Markdown" do @@ -156,7 +156,7 @@ defmodule Pleroma.Web.CommonAPITest do object = Object.normalize(activity) - assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')" + assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')" end test "it does not allow replies to direct messages that are not direct messages themselves" do diff --git a/test/web/mastodon_api/views/status_view_test.exs b/test/web/mastodon_api/views/status_view_test.exs index c200ad8fe..7526f2f27 100644 --- a/test/web/mastodon_api/views/status_view_test.exs +++ b/test/web/mastodon_api/views/status_view_test.exs @@ -7,6 +7,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do alias Pleroma.Activity alias Pleroma.Bookmark + alias Pleroma.HTML alias Pleroma.Object alias Pleroma.Repo alias Pleroma.User @@ -107,7 +108,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do in_reply_to_account_id: nil, card: nil, reblog: nil, - content: HtmlSanitizeEx.basic_html(object_data["content"]), + content: HTML.filter_tags(object_data["content"]), created_at: created_at, reblogs_count: 0, replies_count: 0, @@ -119,7 +120,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do pinned: false, sensitive: false, poll: nil, - spoiler_text: HtmlSanitizeEx.basic_html(object_data["summary"]), + spoiler_text: HTML.filter_tags(object_data["summary"]), visibility: "public", media_attachments: [], mentions: [], @@ -146,8 +147,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do local: true, conversation_id: convo_id, in_reply_to_account_acct: nil, - content: %{"text/plain" => HtmlSanitizeEx.strip_tags(object_data["content"])}, - spoiler_text: %{"text/plain" => HtmlSanitizeEx.strip_tags(object_data["summary"])}, + content: %{"text/plain" => HTML.strip_tags(object_data["content"])}, + spoiler_text: %{"text/plain" => HTML.strip_tags(object_data["summary"])}, expires_at: nil, direct_conversation_id: nil, thread_muted: false |