mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-12-02 05:43:40 +08:00
da4308bb0f
- Fixed issue where redirect for `/settings` view would not be ran through base url generator so would not create a correct path in some cases. Now routed through controller with normal redirect. - Fixed custom head content being active on settings pages due to route name changes, for when viewing settings, in last release. Fixes #3356 and #3355
76 lines
2.6 KiB
PHP
76 lines
2.6 KiB
PHP
<?php
|
|
|
|
namespace Tests\Settings;
|
|
|
|
use BookStack\Util\CspService;
|
|
use Tests\TestCase;
|
|
|
|
class CustomHeadContentTest extends TestCase
|
|
{
|
|
public function test_configured_content_shows_on_pages()
|
|
{
|
|
$this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
|
|
$resp = $this->get('/login');
|
|
$resp->assertSee('console.log("cat")', false);
|
|
}
|
|
|
|
public function test_content_wrapped_in_specific_html_comments()
|
|
{
|
|
// These comments are used to identify head content for editor injection
|
|
$this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
|
|
$resp = $this->get('/login');
|
|
$resp->assertSee('<!-- Start: custom user content -->', false);
|
|
$resp->assertSee('<!-- End: custom user content -->', false);
|
|
}
|
|
|
|
public function test_configured_content_does_not_show_on_settings_page()
|
|
{
|
|
$this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
|
|
$resp = $this->asAdmin()->get('/settings/features');
|
|
$resp->assertDontSee('console.log("cat")', false);
|
|
}
|
|
|
|
public function test_divs_in_js_preserved_in_configured_content()
|
|
{
|
|
$this->setSettings(['app-custom-head' => '<script><div id="hello">cat</div></script>']);
|
|
$resp = $this->get('/login');
|
|
$resp->assertSee('<div id="hello">cat</div>', false);
|
|
}
|
|
|
|
public function test_nonce_application_handles_edge_cases()
|
|
{
|
|
$mockCSP = $this->mock(CspService::class);
|
|
$mockCSP->shouldReceive('getNonce')->andReturn('abc123');
|
|
|
|
$content = trim('
|
|
<script>console.log("cat");</script>
|
|
<script type="text/html"><\script>const a = `<div></div>`<\/\script></script>
|
|
<script >const a = `<div></div>`;</script>
|
|
<script type="<script text>test">const c = `<div></div>`;</script>
|
|
<script
|
|
type="text/html"
|
|
>
|
|
const a = `<\script><\/script>`;
|
|
const b = `<script`;
|
|
</script>
|
|
<SCRIPT>const b = `↗️£`;</SCRIPT>
|
|
');
|
|
|
|
$expectedOutput = trim('
|
|
<script nonce="abc123">console.log("cat");</script>
|
|
<script type="text/html" nonce="abc123"><\script>const a = `<div></div>`<\/\script></script>
|
|
<script nonce="abc123">const a = `<div></div>`;</script>
|
|
<script type="<script text>test" nonce="abc123">const c = `<div></div>`;</script>
|
|
<script type="text/html" nonce="abc123">
|
|
const a = `<\script><\/script>`;
|
|
const b = `<script`;
|
|
</script>
|
|
<script nonce="abc123">const b = `↗️£`;</script>
|
|
');
|
|
|
|
$this->setSettings(['app-custom-head' => $content]);
|
|
$resp = $this->get('/login');
|
|
$resp->assertSee($expectedOutput, false);
|
|
}
|
|
}
|