// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package text_test
import (
"testing"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/text"
)
// Fixture pair for TestSanitizeHTML: markup containing a <script> element,
// and the text expected once the element and its content have been removed.
const (
	sanitizeHTML  = ` here's some naughty html: <script>alert(ahhhh)</script> !!! `
	sanitizedHTML = ` here's some naughty html: !!! `
)

// Fixture pair for TestSanitizeOutgoing: a paragraph holding a run of
// apostrophes. As written here the expected value equals the input.
const (
	sanitizeOutgoing  = ` <p>gotta test some fucking ''''''''' marks</p> `
	sanitizedOutgoing = ` <p>gotta test some fucking ''''''''' marks</p> `
)
// SanitizeTestSuite groups the sanitizer tests in this file. It embeds
// suite.Suite, which supplies the assertion methods (Equal, Empty) that the
// test methods call on the receiver.
type SanitizeTestSuite struct {
	suite.Suite
}
// TestSanitizeOutgoing passes the sanitizeOutgoing fixture (a paragraph with
// a run of apostrophes) through text.SanitizeToHTML and compares the result
// with sanitizedOutgoing.
func (suite *SanitizeTestSuite) TestSanitizeOutgoing() {
	suite.Equal(sanitizedOutgoing, text.SanitizeToHTML(sanitizeOutgoing))
}
// TestSanitizeHTML checks that text.SanitizeToHTML removes a <script>
// element together with its text content: the expected fixture keeps the
// surrounding prose but none of the script body.
func (suite *SanitizeTestSuite) TestSanitizeHTML() {
	suite.Equal(sanitizedHTML, text.SanitizeToHTML(sanitizeHTML))
}
// TestSanitizeCaption1 checks that text.SanitizeToPlaintext drops a leading
// <script> element, including the code inside it, and returns only the
// caption text that follows.
func (suite *SanitizeTestSuite) TestSanitizeCaption1() {
	const input = "<script>console.log('haha!')</script>this is just a normal caption ;)"

	got := text.SanitizeToPlaintext(input)

	suite.Equal("this is just a normal caption ;)", got)
}
// TestSanitizeCaption2 checks that text.SanitizeToPlaintext strips harmless
// formatting tags (<em>) as well, keeping the enclosed text.
func (suite *SanitizeTestSuite) TestSanitizeCaption2() {
	const input = "<em>here's a LOUD caption</em>"

	got := text.SanitizeToPlaintext(input)

	suite.Equal("here's a LOUD caption", got)
}
// TestSanitizeCaption3 covers the empty-input edge case: sanitizing ""
// must yield "".
func (suite *SanitizeTestSuite) TestSanitizeCaption3() {
	const input = ""

	got := text.SanitizeToPlaintext(input)

	suite.Equal("", got)
}
// TestSanitizeCaption4 checks newline handling in text.SanitizeToPlaintext:
// the expected value keeps the line breaks between the caption's lines but
// has no newline before the first line or after the last one.
func (suite *SanitizeTestSuite) TestSanitizeCaption4() {
	const input = `
here is
a multi line
caption
with some newlines
`

	got := text.SanitizeToPlaintext(input)

	suite.Equal("here is\na multi line\ncaption\nwith some newlines", got)
}
// TestSanitizeCaption5 feeds text.SanitizeToPlaintext a caption described as
// the HTML-escaped form of
// "<script>console.log('aha!')</script> hello world" and expects only
// "hello world" back.
//
// NOTE(review): the literal as shown here carries raw angle brackets rather
// than entities. Confirm the file's literal is the escaped form; otherwise
// this case only repeats the raw-tag check in TestSanitizeCaption1 and the
// escaped-markup path goes untested.
func (suite *SanitizeTestSuite) TestSanitizeCaption5() {
	const input = ` <script>console.log('aha!')</script> hello world `

	got := text.SanitizeToPlaintext(input)

	suite.Equal("hello world", got)
}
// TestSanitizeCaption6 feeds text.SanitizeToPlaintext a caption described as
// the HTML-encoded form of
// "<script>console.log('aha!')</script> hello world" and expects only
// "hello world" back.
//
// NOTE(review): the literal as shown here is identical to the one in
// TestSanitizeCaption5 and contains raw angle brackets. Confirm the file's
// literal uses the encoded form this test is meant to cover.
func (suite *SanitizeTestSuite) TestSanitizeCaption6() {
	const input = ` <script>console.log('aha!')</script> hello world `

	got := text.SanitizeToPlaintext(input)

	suite.Equal("hello world", got)
}
// TestSanitizeCustomCSS checks that an ordinary CSS rule containing no markup
// comes out of text.SanitizeToPlaintext unchanged, so sanitizing custom CSS
// does not alter legitimate stylesheets.
func (suite *SanitizeTestSuite) TestSanitizeCustomCSS() {
	const stylesheet = ` . toot . username {
color : var ( -- link_fg ) ;
line - height : 2 rem ;
margin - top : - 0.5 rem ;
align - self : start ;
white - space : nowrap ;
overflow : hidden ;
text - overflow : ellipsis ;
} `

	// The output must be identical to the input.
	suite.Equal(stylesheet, text.SanitizeToPlaintext(stylesheet))
}
// TestSanitizeNaughtyCustomCSS1 covers custom CSS that tries to close the
// enclosing <style> element and inject a <title> into <head>. The sanitized
// result must be empty: neither the tags nor the injected title text survive.
func (suite *SanitizeTestSuite) TestSanitizeNaughtyCustomCSS1() {
	const payload = "</style><title>pee pee poo poo</title><style>"

	suite.Empty(text.SanitizeToPlaintext(payload))
}
// TestSanitizeNaughtyCustomCSS2 is the variant of the <style> break-out case
// where text precedes the closing tag: the tags (including the empty <title>)
// must be removed while the leading text is kept as plain text.
func (suite *SanitizeTestSuite) TestSanitizeNaughtyCustomCSS2() {
	const payload = "pee pee poo poo</style><title></title><style>"

	suite.Equal("pee pee poo poo", text.SanitizeToPlaintext(payload))
}
// TestSanitizeInlineImg checks that text.SanitizeToHTML removes an inline
// <img> element entirely (with its class, alt, title, src and style
// attributes) while keeping the surrounding paragraph and its text.
func (suite *SanitizeTestSuite) TestSanitizeInlineImg() {
	const input = "<p>Here's an inline image: <img class=\"fixed-size-img svelte-uci8eb\" aria-hidden=\"false\" alt=\"A black-and-white photo of an Oblique Strategy card. The card reads: 'Define an area as 'safe' and use it as an anchor'.\" title=\"A black-and-white photo of an Oblique Strategy card. The card reads: 'Define an area as 'safe' and use it as an anchor'.\" width=\"0\" height=\"0\" src=\"https://example.org/fileserver/01H7J83147QMCE17C0RS9P10Y9/attachment/small/01H7J8365XXRTCP6CAMGEM49ZE.jpg\" style=\"object-position: 50% 50%;\"></p>"

	got := text.SanitizeToHTML(input)

	suite.Equal(` <p>Here's an inline image: </p> `, got)
}
// TestSanitizeTestSuite is the go test entry point: it hands a fresh
// SanitizeTestSuite to suite.Run, which executes the suite's test methods.
func TestSanitizeTestSuite(t *testing.T) {
	sanitizeSuite := new(SanitizeTestSuite)
	suite.Run(t, sanitizeSuite)
}