178e151019
Conflicts: - `app/models/user_settings.rb`: Upstream added a constraint on a setting textually close to glitch-soc-only settings. Applied upstream's change. - `lib/sanitize_ext/sanitize_config.rb`: Upstream added support for the `translate` attribute on a few elements, where glitch-soc had a different set of allowed elements and attributes. Extended glitch-soc's allowed attributes with `translate` as upstream did. - `spec/validators/status_length_validator_spec.rb`: Upstream refactored to use RSpec's `instance_double` instead of `double`, but glitch-soc had changes to tests due to configurable max toot chars. Applied upstream's changes while keeping tests against configurable max toot chars.
# frozen_string_literal: true
require 'rails_helper'
# Specs for the HTML sanitizer configuration. Each example feeds a small HTML
# fragment through Sanitize.fragment with the config under test and pins the
# exact serialized output.
describe Sanitize::Config do
  # Expectations that apply to whichever config the including group exposes
  # as `subject`.
  shared_examples 'common HTML sanitization' do
    # --- Structural elements that must pass through unchanged ---

    it 'keeps h1' do
      html = '<h1>Foo</h1>'

      expect(Sanitize.fragment(html, subject)).to eq(html)
    end

    it 'keeps ul' do
      html = '<p>Check out:</p><ul><li>Foo</li><li>Bar</li></ul>'

      expect(Sanitize.fragment(html, subject)).to eq(html)
    end

    it 'keeps start and reversed attributes of ol' do
      html = '<p>Check out:</p><ol start="3" reversed=""><li>Foo</li><li>Bar</li></ol>'

      expect(Sanitize.fragment(html, subject)).to eq(html)
    end

    # --- Anchors without a usable href: the tag goes, the text stays ---

    it 'removes a without href' do
      sanitized = Sanitize.fragment('<a>Test</a>', subject)

      expect(sanitized).to eq('Test')
    end

    it 'removes a without href and only keeps text content' do
      html = '<a><span class="invisible">foo&</span><span>Test</span></a>'

      # The nested spans are dropped along with the anchor; only text remains.
      expect(Sanitize.fragment(html, subject)).to eq('foo&Test')
    end

    it 'removes a with unsupported scheme in href' do
      sanitized = Sanitize.fragment('<a href="foo://bar">Test</a>', subject)

      expect(sanitized).to eq('Test')
    end

    it 'does not re-interpret HTML when removing unsupported links' do
      html = '<a href="foo://bar">Test<a href="https://example.com">test</a></a>'
      expected = 'Test<a href="https://example.com">test</a>'

      # The inner link is expected back verbatim: unwrapping the rejected outer
      # anchor must not run its children through the sanitizer a second time.
      expect(Sanitize.fragment(html, subject)).to eq(expected)
    end

    # --- Anchors that are kept ---

    it 'keeps a with href' do
      html = '<a href="http://example.com">Test</a>'
      expected = '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>'

      # A kept link gains the rel and target attributes shown in `expected`.
      expect(Sanitize.fragment(html, subject)).to eq(expected)
    end

    it 'keeps a with translate="no"' do
      html = '<a href="http://example.com" translate="no">Test</a>'
      expected = '<a href="http://example.com" translate="no" rel="nofollow noopener noreferrer" target="_blank">Test</a>'

      expect(Sanitize.fragment(html, subject)).to eq(expected)
    end

    it 'removes "translate" attribute with invalid value' do
      html = '<a href="http://example.com" translate="foo">Test</a>'
      expected = '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>'

      # Only the attribute is dropped; the link itself survives.
      expect(Sanitize.fragment(html, subject)).to eq(expected)
    end

    it 'removes a with unparsable href' do
      # The href value starts with a whitespace character before the scheme.
      html = '<a href=" https://google.fr">Test</a>'

      expect(Sanitize.fragment(html, subject)).to eq('Test')
    end

    it 'keeps a with supported scheme and no host' do
      html = '<a href="dweb:/a/foo">Test</a>'
      expected = '<a href="dweb:/a/foo" rel="nofollow noopener noreferrer" target="_blank">Test</a>'

      expect(Sanitize.fragment(html, subject)).to eq(expected)
    end

    it 'keeps title in abbr' do
      html = '<abbr title="HyperText Markup Language">HTML</abbr>'

      expect(Sanitize.fragment(html, subject)).to eq(html)
    end
  end

  describe '::MASTODON_OUTGOING' do
    subject { Sanitize::Config::MASTODON_OUTGOING }

    # An example below overwrites the global web_domain setting; put the
    # previous value back after each example so it does not leak into others.
    around do |example|
      saved_web_domain = Rails.configuration.x.web_domain
      example.run
      Rails.configuration.x.web_domain = saved_web_domain
    end

    it_behaves_like 'common HTML sanitization'

    it 'keeps a with href and rel tag, not adding to rel or target if url is local' do
      Rails.configuration.x.web_domain = 'domain.test'

      html = '<a href="http://domain.test/tags/foo" rel="tag">Test</a>'

      # A link to the configured web_domain comes back unchanged: rel stays
      # "tag" and no target attribute is added.
      expect(Sanitize.fragment(html, subject)).to eq(html)
    end
  end
end