Merge pull request #5189 from nextcloud/fix/noid/sanitize-css-style-sheets

Sanitize urls in css style sheets

1 files changed, 24 insertions, 0 deletions

diff --git a/tests/Unit/Service/HtmlTest.php b/tests/Unit/Service/HtmlTest.php
index 778068d3c..98938431e 100644
--- a/tests/Unit/Service/HtmlTest.php
+++ b/tests/Unit/Service/HtmlTest.php
@@ -91,4 +91,28 @@ class HtmlTest extends TestCase {
 			["abc-- \r\ndef", 'ghi', "abc-- \r\ndef-- \r\nghi"],
 		];
 	}
+
+	public function testSanitizeStyleSheet() {
+		$blockedUrl = '/apps/mail/img/blocked-image.png';
+		$urlGenerator = self::createMock(IURLGenerator::class);
+		$urlGenerator->expects(self::any())
+			->method('imagePath')
+			->with('mail', 'blocked-image.png')
+			->willReturn($blockedUrl);
+		$request = OC::$server->get(IRequest::class);
+
+		$styleSheet = implode(' ', [
+			'big { background-image: url(https://tracker.com/script.png); }',
+			'ul { list-style: url(https://tracker.com/script.png) outside; }',
+		]);
+		$expected = implode('', [
+			"<style type=\"text/css\" data-original-content=\"$styleSheet\">",
+			"big{background-image:url(\"$blockedUrl\");}ul{list-style:url(\"$blockedUrl\") outside;}",
+			'</style>',
+		]);
+
+		$html = new Html($urlGenerator, $request);
+		$sanitizedStyleSheet = $html->sanitizeStyleSheet($styleSheet);
+		self::assertSame($expected, $sanitizedStyleSheet);
+	}
 }