diff options
Diffstat (limited to 'test/pleroma/html_test.exs')
| -rw-r--r-- | test/pleroma/html_test.exs | 40 |
1 files changed, 33 insertions, 7 deletions
diff --git a/test/pleroma/html_test.exs b/test/pleroma/html_test.exs index 9737f2458..b99689903 100644 --- a/test/pleroma/html_test.exs +++ b/test/pleroma/html_test.exs @@ -1,5 +1,5 @@ # Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/> # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.HTMLTest do @@ -17,6 +17,7 @@ defmodule Pleroma.HTMLTest do this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a> this is a link with not allowed "rel" attribute: <a href="http://example.com/" rel="tag noallowed">example.com</a> this is an image: <img src="http://example.com/image.jpg"><br /> + this is an inline emoji: <img class="emoji" src="http://example.com/image.jpg"><br /> <script>alert('hacked')</script> """ @@ -24,6 +25,10 @@ defmodule Pleroma.HTMLTest do <img src="http://example.com/image.jpg" onerror="alert('hacked')"> """ + @html_stillimage_sample """ + <img class="still-image" src="http://example.com/image.jpg"> + """ + @html_span_class_sample """ <span class="animate-spin">hi</span> """ @@ -45,6 +50,7 @@ defmodule Pleroma.HTMLTest do this is a link with allowed "rel" attribute: example.com this is a link with not allowed "rel" attribute: example.com this is an image: + this is an inline emoji: alert('hacked') """ @@ -67,6 +73,7 @@ defmodule Pleroma.HTMLTest do this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a> this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a> this is an image: <img src="http://example.com/image.jpg"/><br/> + this is an inline emoji: <img class="emoji" src="http://example.com/image.jpg"/><br/> alert('hacked') """ @@ -90,6 +97,15 @@ defmodule Pleroma.HTMLTest do HTML.filter_tags(@html_span_class_sample, Pleroma.HTML.Scrubber.TwitterText) end + test "does not allow images with invalid classes" do + expected = """ + <img src="http://example.com/image.jpg"/> + """ + + assert expected == + HTML.filter_tags(@html_stillimage_sample, Pleroma.HTML.Scrubber.TwitterText) + end + test "does allow microformats" do expected = """ <span class="h-card"><a class="u-url mention">@<span>foo</span></a></span> @@ -121,6 +137,7 @@ defmodule Pleroma.HTMLTest do this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a> this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a> this is an image: <img src="http://example.com/image.jpg"/><br/> + this is an inline emoji: <img class="emoji" src="http://example.com/image.jpg"/><br/> alert('hacked') """ @@ -143,6 +160,15 @@ defmodule Pleroma.HTMLTest do assert expected == HTML.filter_tags(@html_span_class_sample, Pleroma.HTML.Scrubber.Default) end + test "does not allow images with invalid classes" do + expected = """ + <img src="http://example.com/image.jpg"/> + """ + + assert expected == + HTML.filter_tags(@html_stillimage_sample, Pleroma.HTML.Scrubber.TwitterText) + end + test "does allow microformats" do expected = """ <span class="h-card"><a class="u-url mention">@<span>foo</span></a></span> @@ -175,7 +201,7 @@ defmodule Pleroma.HTMLTest do "I think I just found the best github repo https://github.com/komeiji-satori/Dress" }) - object = Object.normalize(activity) + object = Object.normalize(activity, fetch: false) {:ok, url} = HTML.extract_first_external_url_from_object(object) assert url == "https://github.com/komeiji-satori/Dress" end @@ -190,7 +216,7 @@ defmodule Pleroma.HTMLTest do "@#{other_user.nickname} install misskey! https://github.com/syuilo/misskey/blob/develop/docs/setup.en.md" }) - object = Object.normalize(activity) + object = Object.normalize(activity, fetch: false) {:ok, url} = HTML.extract_first_external_url_from_object(object) assert url == "https://github.com/syuilo/misskey/blob/develop/docs/setup.en.md" @@ -206,7 +232,7 @@ defmodule Pleroma.HTMLTest do status: "#cofe https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140" }) - object = Object.normalize(activity) + object = Object.normalize(activity, fetch: false) {:ok, url} = HTML.extract_first_external_url_from_object(object) assert url == "https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140" @@ -222,7 +248,7 @@ defmodule Pleroma.HTMLTest do content_type: "text/html" }) - object = Object.normalize(activity) + object = Object.normalize(activity, fetch: false) {:ok, url} = HTML.extract_first_external_url_from_object(object) assert url == "https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140" @@ -233,7 +259,7 @@ defmodule Pleroma.HTMLTest do {:ok, activity} = CommonAPI.post(user, %{status: "\"http://cofe.com/?boomer=ok&foo=bar\""}) - object = Object.normalize(activity) + object = Object.normalize(activity, fetch: false) assert {:ok, nil} = HTML.extract_first_external_url_from_object(object) end @@ -247,7 +273,7 @@ defmodule Pleroma.HTMLTest do "<a href=\"https://pleroma.gov/media/d24caa3a498e21e0298377a9ca0149a4f4f8b767178aacf837542282e2d94fb1.png?name=image.png\" class=\"attachment\">image.png</a>" }) - object = Object.normalize(activity) + object = Object.normalize(activity, fetch: false) assert {:ok, nil} = HTML.extract_first_external_url_from_object(object) end |