Validate URLs against supply-chain attacks
[rails.git] / test / lib / rich_text_test.rb
index e99d594a4e184a14f55e1b104bd73d8dd1da8464..9d00d658d5bac697b3e4a8bce6e4bfb01fc52469 100644 (file)
@@ -1,21 +1,21 @@
-require 'test_helper'
+require "test_helper"
 
 class RichTextTest < ActiveSupport::TestCase
-  include ActionDispatch::Assertions::SelectorAssertions
+  include Rails::Dom::Testing::Assertions::SelectorAssertions
 
   def test_html_to_html
     r = RichText.new("html", "foo http://example.com/ bar")
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='http://example.com/']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferrer']", 1
     end
 
     r = RichText.new("html", "foo <a href='http://example.com/'>bar</a> baz")
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='http://example.com/']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferrer']", 1
     end
 
     r = RichText.new("html", "foo example@example.com bar")
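Review bot: The updated expectation `assert_select "a[rel='nofollow noopener noreferrer']", 1` matches the whole attribute string, so these tests depend on the order in which the tokens are emitted as well as on the tokens themselves. A harmless reordering in the linkifier or sanitizer would fail every one of these cases, and the assertion does not show which token matters for which reason. Matching per token keeps the check strict about content but not about order: `assert_select "a[rel~='nofollow'][rel~='noopener'][rel~='noreferrer']", 1`. The same selector is repeated in the @@ -27,7 +27,7 @@, @@ -54,28 +81,28 @@ and @@ -142,7 +196,7 @@ hunks.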
@@ -27,7 +27,7 @@ class RichTextTest < ActiveSupport::TestCase
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='mailto:example@example.com']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferrer']", 1
     end
 
     r = RichText.new("html", "foo <div>bar</div> baz")
@@ -47,6 +47,33 @@ class RichTextTest < ActiveSupport::TestCase
       assert_select "style", false
       assert_select "p", /^foo *baz$/
     end
+
+    r = RichText.new("html", "<table><tr><td>column</td></tr></table>")
+    assert_html r do
+      assert_select "table[class='table table-sm w-auto']"
+    end
+
+    r = RichText.new("html", "<p class='btn btn-warning'>Click Me</p>")
+    assert_html r do
+      assert_select "p[class='btn btn-warning']", false
+      assert_select "p", /^Click Me$/
+    end
+
+    r = RichText.new("html", "<p style='color:red'>Danger</p>")
+    assert_html r do
+      assert_select "p[style='color:red']", false
+      assert_select "p", /^Danger$/
+    end
+  end
+
+  def test_html_to_text
+    r = RichText.new("html", "foo <a href='http://example.com/'>bar</a> baz")
+    assert_equal "foo <a href='http://example.com/'>bar</a> baz", r.to_text
+  end
+
+  def test_html_spam_score
+    r = RichText.new("html", "foo <a href='http://example.com/'>bar</a> baz")
+    assert_equal 55, r.spam_score.round
   end
 
   def test_markdown_to_html
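Review bot: The negative assertions `assert_select "p[class='btn btn-warning']", false` and `assert_select "p[style='color:red']", false` fail only when the attribute survives with exactly that value. A sanitizer that let through a partial, reordered or re-serialised value (a single remaining class, or a style with different spacing) would still pass. Since these cases exist to show that user-supplied `class` and `style` never reach the rendered page, assert on the attribute's presence instead: `assert_select "p[class]", false` and `assert_select "p[style]", false`. The same exact-value pattern appears in the markdown cases added in the @@ -135,6 +162,33 @@ hunk.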
@@ -54,28 +81,28 @@ class RichTextTest < ActiveSupport::TestCase
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='http://example.com/']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferrer']", 1
     end
 
     r = RichText.new("markdown", "foo [bar](http://example.com/) baz")
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='http://example.com/']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferrer']", 1
     end
 
     r = RichText.new("markdown", "foo example@example.com bar")
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='mailto:example@example.com']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferrer']", 1
     end
 
     r = RichText.new("markdown", "foo [bar](mailto:example@example.com) bar")
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='mailto:example@example.com']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferrer']", 1
     end
 
     r = RichText.new("markdown", "foo ![bar](http://example.com/example.png) bar")
@@ -135,6 +162,33 @@ class RichTextTest < ActiveSupport::TestCase
     assert_html r do
       assert_select "pre", /^\s*foo bar baz\s*$/
     end
+
+    r = RichText.new("markdown", "|column|column")
+    assert_html r do
+      assert_select "table[class='table table-sm w-auto']"
+    end
+
+    r = RichText.new("markdown", "Click Me\n{:.btn.btn-warning}")
+    assert_html r do
+      assert_select "p[class='btn btn-warning']", false
+      assert_select "p", /^Click Me$/
+    end
+
+    r = RichText.new("markdown", "<p style='color:red'>Danger</p>")
+    assert_html r do
+      assert_select "p[style='color:red']", false
+      assert_select "p", /^Danger$/
+    end
+  end
+
+  def test_markdown_to_text
+    r = RichText.new("markdown", "foo [bar](http://example.com/) baz")
+    assert_equal "foo [bar](http://example.com/) baz", r.to_text
+  end
+
+  def test_markdown_spam_score
+    r = RichText.new("markdown", "foo [bar](http://example.com/) baz")
+    assert_equal 50, r.spam_score.round
   end
 
   def test_text_to_html
@@ -142,7 +196,7 @@ class RichTextTest < ActiveSupport::TestCase
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='http://example.com/']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferrer']", 1
     end
 
     r = RichText.new("text", "foo example@example.com bar")
@@ -152,16 +206,26 @@ class RichTextTest < ActiveSupport::TestCase
 
     r = RichText.new("text", "foo < bar & baz > qux")
     assert_html r do
-      assert_select "p", "foo &lt; bar &amp; baz &gt; qux"
+      assert_select "p", "foo < bar & baz > qux"
     end
   end
 
-private
+  def test_text_to_text
+    r = RichText.new("text", "foo http://example.com/ bar")
+    assert_equal "foo http://example.com/ bar", r.to_text
+  end
+
+  def test_text_spam_score
+    r = RichText.new("text", "foo http://example.com/ bar")
+    assert_equal 141, r.spam_score.round
+  end
+
+  private
 
   def assert_html(richtext, &block)
     html = richtext.to_html
-    assert html.html_safe?
-    root = HTML::Document.new(richtext.to_html, false, true).root
+    assert_predicate html, :html_safe?
+    root = Nokogiri::HTML::DocumentFragment.parse(html)
     assert_select root, "*" do
       yield block
     end