logo

mastofe

My custom branche(s) on git.pleroma.social/pleroma/mastofe git clone https://hacktivis.me/git/mastofe.git

formatter_spec.rb (15532B)


  1. require 'rails_helper'
  2. RSpec.describe Formatter do
  3. let(:local_account) { Fabricate(:account, domain: nil, username: 'alice') }
  4. let(:remote_account) { Fabricate(:account, domain: 'remote', username: 'bob', url: 'https://remote/') }
  5. shared_examples 'encode and link URLs' do
  6. context 'matches a stand-alone medium URL' do
  7. let(:text) { 'https://hackernoon.com/the-power-to-build-communities-a-response-to-mark-zuckerberg-3f2cac9148a4' }
  8. it 'has valid URL' do
  9. is_expected.to include 'href="https://hackernoon.com/the-power-to-build-communities-a-response-to-mark-zuckerberg-3f2cac9148a4"'
  10. end
  11. end
  12. context 'matches a stand-alone google URL' do
  13. let(:text) { 'http://google.com' }
  14. it 'has valid URL' do
  15. is_expected.to include 'href="http://google.com"'
  16. end
  17. end
  18. context 'matches a stand-alone IDN URL' do
  19. let(:text) { 'https://nic.みんな/' }
  20. it 'has valid URL' do
  21. is_expected.to include 'href="https://nic.みんな/"'
  22. end
  23. it 'has display URL' do
  24. is_expected.to include '<span class="">nic.みんな/</span>'
  25. end
  26. end
  27. context 'matches a URL without trailing period' do
  28. let(:text) { 'http://www.mcmansionhell.com/post/156408871451/50-states-of-mcmansion-hell-scottsdale-arizona. ' }
  29. it 'has valid URL' do
  30. is_expected.to include 'href="http://www.mcmansionhell.com/post/156408871451/50-states-of-mcmansion-hell-scottsdale-arizona"'
  31. end
  32. end
  33. context 'matches a URL without closing paranthesis' do
  34. let(:text) { '(http://google.com/)' }
  35. it 'has valid URL' do
  36. is_expected.to include 'href="http://google.com/"'
  37. end
  38. end
  39. context 'matches a URL without exclamation point' do
  40. let(:text) { 'http://www.google.com!' }
  41. it 'has valid URL' do
  42. is_expected.to include 'href="http://www.google.com"'
  43. end
  44. end
  45. context 'matches a URL without single quote' do
  46. let(:text) { "http://www.google.com'" }
  47. it 'has valid URL' do
  48. is_expected.to include 'href="http://www.google.com"'
  49. end
  50. end
  51. context 'matches a URL without angle brackets' do
  52. let(:text) { 'http://www.google.com>' }
  53. it 'has valid URL' do
  54. is_expected.to include 'href="http://www.google.com"'
  55. end
  56. end
  57. context 'matches a URL with a query string' do
  58. let(:text) { 'https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&q=autolink' }
  59. it 'has valid URL' do
  60. is_expected.to include 'href="https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&amp;q=autolink"'
  61. end
  62. end
  63. context 'matches a URL with parenthesis in it' do
  64. let(:text) { 'https://en.wikipedia.org/wiki/Diaspora_(software)' }
  65. it 'has valid URL' do
  66. is_expected.to include 'href="https://en.wikipedia.org/wiki/Diaspora_(software)"'
  67. end
  68. end
  69. context 'matches a URL with Japanese path string' do
  70. let(:text) { 'https://ja.wikipedia.org/wiki/日本' }
  71. it 'has valid URL' do
  72. is_expected.to include 'href="https://ja.wikipedia.org/wiki/日本"'
  73. end
  74. end
  75. context 'matches a URL with Korean path string' do
  76. let(:text) { 'https://ko.wikipedia.org/wiki/대한민국' }
  77. it 'has valid URL' do
  78. is_expected.to include 'href="https://ko.wikipedia.org/wiki/대한민국"'
  79. end
  80. end
  81. context 'matches a URL with Simplified Chinese path string' do
  82. let(:text) { 'https://baike.baidu.com/item/中华人民共和国' }
  83. it 'has valid URL' do
  84. is_expected.to include 'href="https://baike.baidu.com/item/中华人民共和国"'
  85. end
  86. end
  87. context 'matches a URL with Traditional Chinese path string' do
  88. let(:text) { 'https://zh.wikipedia.org/wiki/臺灣' }
  89. it 'has valid URL' do
  90. is_expected.to include 'href="https://zh.wikipedia.org/wiki/臺灣"'
  91. end
  92. end
  93. context 'contains unsafe URL (XSS attack, visible part)' do
  94. let(:text) { %q{http://example.com/b<del>b</del>} }
  95. it 'has escaped HTML' do
  96. is_expected.to include '&lt;del&gt;b&lt;/del&gt;'
  97. end
  98. end
  99. context 'contains unsafe URL (XSS attack, invisible part)' do
  100. let(:text) { %q{http://example.com/blahblahblahblah/a<script>alert("Hello")</script>} }
  101. it 'has escaped HTML' do
  102. is_expected.to include '&lt;script&gt;alert(&quot;Hello&quot;)&lt;/script&gt;'
  103. end
  104. end
  105. context 'contains HTML (script tag)' do
  106. let(:text) { '<script>alert("Hello")</script>' }
  107. it 'has escaped HTML' do
  108. is_expected.to include '<p>&lt;script&gt;alert(&quot;Hello&quot;)&lt;/script&gt;</p>'
  109. end
  110. end
  111. context 'contains HTML (XSS attack)' do
  112. let(:text) { %q{<img src="javascript:alert('XSS');">} }
  113. it 'has escaped HTML' do
  114. is_expected.to include '<p>&lt;img src=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;</p>'
  115. end
  116. end
  117. context 'contains invalid URL' do
  118. let(:text) { 'http://www\.google\.com' }
  119. it 'has raw URL' do
  120. is_expected.to eq '<p>http://www\.google\.com</p>'
  121. end
  122. end
  123. context 'contains a hashtag' do
  124. let(:text) { '#hashtag' }
  125. it 'has a link' do
  126. is_expected.to include '/tags/hashtag" class="mention hashtag" rel="tag">#<span>hashtag</span></a>'
  127. end
  128. end
  129. end
  130. describe '#format' do
  131. subject { Formatter.instance.format(status) }
  132. context 'with local status' do
  133. context 'with reblog' do
  134. let(:reblog) { Fabricate(:status, account: local_account, text: 'Hello world', uri: nil) }
  135. let(:status) { Fabricate(:status, reblog: reblog) }
  136. it 'returns original status with credit to its author' do
  137. is_expected.to include 'RT <span class="h-card"><a href="https://cb6e6126.ngrok.io/@alice" class="u-url mention">@<span>alice</span></a></span> Hello world'
  138. end
  139. end
  140. context 'contains plain text' do
  141. let(:status) { Fabricate(:status, text: 'text', uri: nil) }
  142. it 'paragraphizes' do
  143. is_expected.to eq '<p>text</p>'
  144. end
  145. end
  146. context 'contains line feeds' do
  147. let(:status) { Fabricate(:status, text: "line\nfeed", uri: nil) }
  148. it 'removes line feeds' do
  149. is_expected.not_to include "\n"
  150. end
  151. end
  152. context 'contains linkable mentions' do
  153. let(:status) { Fabricate(:status, mentions: [ Fabricate(:mention, account: local_account) ], text: '@alice') }
  154. it 'links' do
  155. is_expected.to include '<a href="https://cb6e6126.ngrok.io/@alice" class="u-url mention">@<span>alice</span></a></span>'
  156. end
  157. end
  158. context 'contains unlinkable mentions' do
  159. let(:status) { Fabricate(:status, text: '@alice', uri: nil) }
  160. it 'does not link' do
  161. is_expected.to include '@alice'
  162. end
  163. end
  164. context do
  165. subject do
  166. status = Fabricate(:status, text: text, uri: nil)
  167. Formatter.instance.format(status)
  168. end
  169. include_examples 'encode and link URLs'
  170. end
  171. context 'with custom_emojify option' do
  172. let!(:emoji) { Fabricate(:custom_emoji) }
  173. let(:status) { Fabricate(:status, account: local_account, text: text) }
  174. subject { Formatter.instance.format(status, custom_emojify: true) }
  175. context 'with emoji at the start' do
  176. let(:text) { ':coolcat: Beep boop' }
  177. it 'converts shortcode to image tag' do
  178. is_expected.to match(/<p><img draggable="false" class="emojione" alt=":coolcat:"/)
  179. end
  180. end
  181. context 'with emoji in the middle' do
  182. let(:text) { 'Beep :coolcat: boop' }
  183. it 'converts shortcode to image tag' do
  184. is_expected.to match(/Beep <img draggable="false" class="emojione" alt=":coolcat:"/)
  185. end
  186. end
  187. context 'with concatenated emoji' do
  188. let(:text) { ':coolcat::coolcat:' }
  189. it 'does not touch the shortcodes' do
  190. is_expected.to match(/:coolcat::coolcat:/)
  191. end
  192. end
  193. context 'with emoji at the end' do
  194. let(:text) { 'Beep boop :coolcat:' }
  195. it 'converts shortcode to image tag' do
  196. is_expected.to match(/boop <img draggable="false" class="emojione" alt=":coolcat:"/)
  197. end
  198. end
  199. end
  200. end
  201. context 'with remote status' do
  202. let(:status) { Fabricate(:status, account: remote_account, text: 'Beep boop') }
  203. it 'reformats' do
  204. is_expected.to eq 'Beep boop'
  205. end
  206. context 'with custom_emojify option' do
  207. let!(:emoji) { Fabricate(:custom_emoji, domain: remote_account.domain) }
  208. let(:status) { Fabricate(:status, account: remote_account, text: text) }
  209. subject { Formatter.instance.format(status, custom_emojify: true) }
  210. context 'with emoji at the start' do
  211. let(:text) { '<p>:coolcat: Beep boop<br />' }
  212. it 'converts shortcode to image tag' do
  213. is_expected.to match(/<p><img draggable="false" class="emojione" alt=":coolcat:"/)
  214. end
  215. end
  216. context 'with emoji in the middle' do
  217. let(:text) { '<p>Beep :coolcat: boop</p>' }
  218. it 'converts shortcode to image tag' do
  219. is_expected.to match(/Beep <img draggable="false" class="emojione" alt=":coolcat:"/)
  220. end
  221. end
  222. context 'with concatenated emoji' do
  223. let(:text) { '<p>:coolcat::coolcat:</p>' }
  224. it 'does not touch the shortcodes' do
  225. is_expected.to match(/<p>:coolcat::coolcat:<\/p>/)
  226. end
  227. end
  228. context 'with emoji at the end' do
  229. let(:text) { '<p>Beep boop<br />:coolcat:</p>' }
  230. it 'converts shortcode to image tag' do
  231. is_expected.to match(/<br><img draggable="false" class="emojione" alt=":coolcat:"/)
  232. end
  233. end
  234. end
  235. end
  236. end
  237. describe '#reformat' do
  238. subject { Formatter.instance.reformat(text) }
  239. context 'contains plain text' do
  240. let(:text) { 'Beep boop' }
  241. it 'contains plain text' do
  242. is_expected.to include 'Beep boop'
  243. end
  244. end
  245. context 'contains scripts' do
  246. let(:text) { '<script>alert("Hello")</script>' }
  247. it 'strips scripts' do
  248. is_expected.to_not include '<script>alert("Hello")</script>'
  249. end
  250. end
  251. context 'contains malicious classes' do
  252. let(:text) { '<span class="mention status__content__spoiler-link">Show more</span>' }
  253. it 'strips malicious classes' do
  254. is_expected.to_not include 'status__content__spoiler-link'
  255. end
  256. end
  257. end
  258. describe '#plaintext' do
  259. subject { Formatter.instance.plaintext(status) }
  260. context 'with local status' do
  261. let(:status) { Fabricate(:status, text: '<p>a text by a nerd who uses an HTML tag in text</p>', uri: nil) }
  262. it 'returns raw text' do
  263. is_expected.to eq '<p>a text by a nerd who uses an HTML tag in text</p>'
  264. end
  265. end
  266. context 'with remote status' do
  267. let(:status) { Fabricate(:status, account: remote_account, text: '<script>alert("Hello")</script>') }
  268. it 'returns tag-stripped text' do
  269. is_expected.to eq ''
  270. end
  271. end
  272. end
  273. describe '#simplified_format' do
  274. subject { Formatter.instance.simplified_format(account) }
  275. context 'with local status' do
  276. let(:account) { Fabricate(:account, domain: nil, note: text) }
  277. context 'contains linkable mentions for local accounts' do
  278. let(:text) { '@alice' }
  279. before { local_account }
  280. it 'links' do
  281. is_expected.to eq '<p><span class="h-card"><a href="https://cb6e6126.ngrok.io/@alice" class="u-url mention">@<span>alice</span></a></span></p>'
  282. end
  283. end
  284. context 'contains linkable mentions for remote accounts' do
  285. let(:text) { '@bob@remote' }
  286. before { remote_account }
  287. it 'links' do
  288. is_expected.to eq '<p><span class="h-card"><a href="https://remote/" class="u-url mention">@<span>bob</span></a></span></p>'
  289. end
  290. end
  291. context 'contains unlinkable mentions' do
  292. let(:text) { '@alice' }
  293. it 'returns raw mention texts' do
  294. is_expected.to eq '<p>@alice</p>'
  295. end
  296. end
  297. context 'with custom_emojify option' do
  298. let!(:emoji) { Fabricate(:custom_emoji) }
  299. before { account.note = text }
  300. subject { Formatter.instance.simplified_format(account, custom_emojify: true) }
  301. context 'with emoji at the start' do
  302. let(:text) { ':coolcat: Beep boop' }
  303. it 'converts shortcode to image tag' do
  304. is_expected.to match(/<p><img draggable="false" class="emojione" alt=":coolcat:"/)
  305. end
  306. end
  307. context 'with emoji in the middle' do
  308. let(:text) { 'Beep :coolcat: boop' }
  309. it 'converts shortcode to image tag' do
  310. is_expected.to match(/Beep <img draggable="false" class="emojione" alt=":coolcat:"/)
  311. end
  312. end
  313. context 'with concatenated emoji' do
  314. let(:text) { ':coolcat::coolcat:' }
  315. it 'does not touch the shortcodes' do
  316. is_expected.to match(/:coolcat::coolcat:/)
  317. end
  318. end
  319. context 'with emoji at the end' do
  320. let(:text) { 'Beep boop :coolcat:' }
  321. it 'converts shortcode to image tag' do
  322. is_expected.to match(/boop <img draggable="false" class="emojione" alt=":coolcat:"/)
  323. end
  324. end
  325. end
  326. include_examples 'encode and link URLs'
  327. end
  328. context 'with remote status' do
  329. let(:text) { '<script>alert("Hello")</script>' }
  330. let(:account) { Fabricate(:account, domain: 'remote', note: text) }
  331. it 'reformats' do
  332. is_expected.to_not include '<script>alert("Hello")</script>'
  333. end
  334. context 'with custom_emojify option' do
  335. let!(:emoji) { Fabricate(:custom_emoji, domain: remote_account.domain) }
  336. before { remote_account.note = text }
  337. subject { Formatter.instance.simplified_format(remote_account, custom_emojify: true) }
  338. context 'with emoji at the start' do
  339. let(:text) { '<p>:coolcat: Beep boop<br />' }
  340. it 'converts shortcode to image tag' do
  341. is_expected.to match(/<p><img draggable="false" class="emojione" alt=":coolcat:"/)
  342. end
  343. end
  344. context 'with emoji in the middle' do
  345. let(:text) { '<p>Beep :coolcat: boop</p>' }
  346. it 'converts shortcode to image tag' do
  347. is_expected.to match(/Beep <img draggable="false" class="emojione" alt=":coolcat:"/)
  348. end
  349. end
  350. context 'with concatenated emoji' do
  351. let(:text) { '<p>:coolcat::coolcat:</p>' }
  352. it 'does not touch the shortcodes' do
  353. is_expected.to match(/<p>:coolcat::coolcat:<\/p>/)
  354. end
  355. end
  356. context 'with emoji at the end' do
  357. let(:text) { '<p>Beep boop<br />:coolcat:</p>' }
  358. it 'converts shortcode to image tag' do
  359. is_expected.to match(/<br><img draggable="false" class="emojione" alt=":coolcat:"/)
  360. end
  361. end
  362. end
  363. end
  364. end
  365. describe '#sanitize' do
  366. let(:html) { '<script>alert("Hello")</script>' }
  367. subject { Formatter.instance.sanitize(html, Sanitize::Config::MASTODON_STRICT) }
  368. it 'sanitizes' do
  369. is_expected.to eq 'alert("Hello")'
  370. end
  371. end
  372. end