# frozen_string_literal: true
require 'spec_helper'
describe Banzai :: Pipeline :: FullPipeline do
describe 'References' do
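# Public project that the reference examples render against.
# (Token spacing repaired: a space between a method name and a multi-argument
# parenthesised list does not parse.)
let(:project) { create(:project, :public) }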
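# Issue created in `project`; the examples use its `to_reference` string as the
# link destination. (`project : project` is restored to the keyword form
# `project: project`, which is what the factory call needs to parse.)
let(:issue) { create(:issue, project: project) }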
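# Inline Markdown inside the label of a reference link must still be rendered:
# the backtick span is expected to come out as a <code> element inside the <a>.
it 'handles markdown inside a reference' do
  # Spaces that the listing had inserted around the brackets and the
  # interpolation are removed so the literal is a single Markdown link.
  markdown = "[some `code` inside](#{issue.to_reference})"
  rendered = described_class.call(markdown, project: project)

  # `call` returns a hash; its :output entry is queried with CSS here.
  link_content = rendered[:output].css('a').inner_html

  expect(link_content).to eq('some <code>code</code> inside')
end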
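# A reference link whose label is a <script> element: the rendered HTML must
# not carry that label through verbatim.
it 'sanitizes reference HTML' do
  link_label = '<script>bad things</script>'
  markdown = "[#{link_label}](#{issue.to_reference})"
  html = described_class.to_html(markdown, project: project)

  # This asserts only that the exact label string is absent. It does not by
  # itself show how the label was neutralised (escaped versus stripped).
  expect(html).not_to include(link_label)
end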
# Regression check for attribute handling: the link label starts with a double
# quote followed by an angle bracket, and the example asserts how that label
# appears inside the `data-original` attribute of the rendered reference.
it 'escapes the data-original attribute on a reference' do
markdown = %Q{ [">bad things]( #{ issue . to_reference } ) }
result = described_class . to_html ( markdown , project : project )
# NOTE(review): this listing has spaces inserted between tokens and shows the
# bracket after the quote as a literal character. Confirm the exact expected
# bytes (including any entity encoding) against the repository copy.
expect ( result ) . to include ( %{ data-original=' \" >bad things' } )
end
end
describe 'footnotes' do
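# Fixtures for the footnote examples. Token spacing is repaired so the calls
# and the regexp parse; `\ d` in the listing is the digit class `\d`.
let(:project) { create(:project, :public) }

# Full-pipeline HTML for the footnote Markdown fixture.
let(:html) { described_class.to_html(footnote_markdown, project: project) }

# Digits that follow `fnref1-` in the rendered HTML. The expected markup
# interpolates this value into every footnote id and href.
let(:identifier) { html[/.*fnref1-(\d+).*/, 1] }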
# Markdown fixture: one sentence with two footnote references (a numeric label
# and a named label), followed by the two footnote definitions.
# NOTE(review): this listing has spaces inserted between tokens, so the exact
# whitespace of the heredoc body (and of the heredoc opener) cannot be trusted.
# Compare with the repository copy before relying on it.
let ( :footnote_markdown ) do
<< ~ EOF
first [ ^ 1 ] and second [ ^ second ]
[ ^ 1 ] : one
[ ^ second ] : two
EOF
end
# Expected rendering of the footnote fixture: each reference becomes a link
# inside a `sup` with class `footnote-ref`, each definition becomes a list item
# in a `footnotes` section with a `footnote-backref` link, and every id/href
# carries the interpolated `identifier` suffix.
# NOTE(review): the comparison in the example is an exact string match, and this
# listing has spaces inserted between tokens and may have lost blank lines.
# Take the expected bytes from the repository copy, not from this page.
let ( :filtered_footnote ) do
<< ~ EOF
< p dir = " auto " > first < sup class = " footnote-ref " > < a href = " # fn1- #{ identifier } " id = " fnref1- #{ identifier } " > 1 < / a>< /su p > and second < sup class = " footnote-ref " > < a href = " # fn2- #{ identifier } " id = " fnref2- #{ identifier } " > 2 < / a>< /su p > < / p>
< section class = " footnotes " > < ol >
< li id = " fn1- #{ identifier } " >
< p > one < a href = " # fnref1- #{ identifier } " class = " footnote-backref " > < gl - emoji title = " leftwards arrow with hook " data - name = " leftwards_arrow_with_hook " data - unicode - version = " 1.1 " > ↩ < / gl-emoji>< / a > < / p>
< / li>
< li id = " fn2- #{ identifier } " >
< p > two < a href = " # fnref2- #{ identifier } " class = " footnote-backref " > < gl - emoji title = " leftwards arrow with hook " data - name = " leftwards_arrow_with_hook " data - unicode - version = " 1.1 " > ↩ < / gl-emoji>< / a > < / p>
< / li>
< / ol>< /se ction >
EOF
end
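# Compares the rendered footnote HTML with the expected markup after stripping
# leading/trailing whitespace from every line.
it 'properly adds the necessary ids and classes' do
  # Helper defined outside this file; presumably turns off source-position
  # attributes so they do not appear in the output. Verify in the spec support code.
  stub_commonmark_sourcepos_disabled

  # The separator is a bare newline; the listing's `" \n "` had spaces
  # inserted inside the literal.
  normalized = html.lines.map(&:strip).join("\n")

  expect(normalized).to eq filtered_footnote
end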
end
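# Links whose displayed form can mislead a reader about the real destination
# are expected to carry the `has-tooltip` class after rendering; ordinary
# links, including ones with legitimate non-ASCII path segments, are not.
describe 'links are detected as malicious' do
  it 'has tooltips for malicious links' do
    # %W (the interpolating form) turns the \u escapes into real code points:
    #   U+202E RIGHT-TO-LEFT OVERRIDE flips the display order of what follows,
    #          so "evil\u202E3pm.exe" is shown as if it ended in ".mp3"
    #   U+0261 LATIN SMALL LETTER SCRIPT G is a look-alike for ASCII "g"
    # The emoji examples place a symbol inside the host name.
    # Each element is one Markdown snippet; %W splits on whitespace, so the
    # spaces the listing had inserted inside the URLs are removed.
    examples = %W[
      http://example.com/evil\u202E3pm.exe
      [evilexe.mp3](http://example.com/evil\u202E3pm.exe)
      rdar://localhost.com/\u202E3pm.exe
      http://one😄two.com
      [Evil-Test](http://one😄two.com)
      http://\u0261itlab.com
      [Evil-GitLab-link](http://\u0261itlab.com)
      ![Evil-GitLab-link](http://\u0261itlab.com.png)
    ]

    examples.each do |markdown|
      output = described_class.call(markdown, project: nil)[:output]
      link = output.css('a').first

      # The message names the failing snippet; without it a failure inside
      # the loop does not say which example lost its warning.
      expect(link[:class]).to include('has-tooltip'),
                              "expected a warning tooltip for #{markdown.inspect}"
    end
  end

  it 'has no tooltips for safe links' do
    # Negative cases: a plain ASCII URL and a URL with an Arabic file name.
    # These guard against flagging every non-ASCII link as suspicious.
    examples = %w[
      http://example.com
      [Safe-Test](http://example.com)
      https://commons.wikimedia.org/wiki/File:اسكرام_2_-_تمنراست.jpg
      [Wikipedia-link](https://commons.wikimedia.org/wiki/File:اسكرام_2_-_تمنراست.jpg)
    ]

    examples.each do |markdown|
      output = described_class.call(markdown, project: nil)[:output]
      link = output.css('a').first

      expect(link[:class]).to be_nil,
                              "expected no extra class on the link for #{markdown.inspect}"
    end
  end
end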
end