author | Christoph Wurst <ChristophWurst@users.noreply.github.com> | 2021-06-22 20:27:06 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-22 20:27:06 +0300 |
commit | e2b1f1436bee18985b833de7b881b53033ac8718 (patch) | |
tree | e021013dad013dbe37c16af9bec9283f4d511753 /tests | |
parent | ed9ba94102e8596e8adc31197fa60c58338a09d7 (diff) | |
parent | 4bdcc023a36eca8000e08249cbaba086ee42a328 (diff) |
Merge pull request #5189 from nextcloud/fix/noid/sanitize-css-style-sheets
Sanitize urls in css style sheets
Diffstat (limited to 'tests')
-rw-r--r-- | tests/Unit/Service/HtmlTest.php | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/tests/Unit/Service/HtmlTest.php b/tests/Unit/Service/HtmlTest.php
index 778068d3c..98938431e 100644
--- a/tests/Unit/Service/HtmlTest.php
+++ b/tests/Unit/Service/HtmlTest.php
@@ -91,4 +91,28 @@ class HtmlTest extends TestCase {
 ["abc-- \r\ndef", 'ghi', "abc-- \r\ndef-- \r\nghi"],
 ];
 }
+
+ public function testSanitizeStyleSheet() {
+ $blockedUrl = '/apps/mail/img/blocked-image.png';
+ $urlGenerator = self::createMock(IURLGenerator::class);
+ $urlGenerator->expects(self::any())
+ ->method('imagePath')
+ ->with('mail', 'blocked-image.png')
+ ->willReturn($blockedUrl);
+ $request = OC::$server->get(IRequest::class);
+
+ $styleSheet = implode(' ', [
+ 'big { background-image: url(https://tracker.com/script.png); }',
+ 'ul { list-style: url(https://tracker.com/script.png) outside; }',
+ ]);
+ $expected = implode('', [
+ "<style type=\"text/css\" data-original-content=\"$styleSheet\">",
+ "big{background-image:url(\"$blockedUrl\");}ul{list-style:url(\"$blockedUrl\") outside;}",
+ '</style>',
+ ]);
+
+ $html = new Html($urlGenerator, $request);
+ $sanitizedStyleSheet = $html->sanitizeStyleSheet($styleSheet);
+ self::assertSame($expected, $sanitizedStyleSheet);
+ }
 } |
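Review bot: The only input in testSanitizeStyleSheet is the unquoted `url(https://tracker.com/script.png)` form, and it contains no `"`, `<` or `&`, so the test pins neither the quoted URL forms nor how the original CSS is encoded into the `data-original-content` attribute of the expected `<style>` tag. That attribute presumably carries text taken from message content, so the case that matters most is an input containing a double quote. A data-provider row such as `'a { background: url("https://tracker.com/script.png"); }'`, with the attribute value expected in its HTML-escaped form, would cover both the quoted form and the encoding. The sanitizer itself is not part of this diff (the diffstat is limited to tests), so whether it already escapes that value cannot be confirmed from here. Separately, `expects(self::any())` lets the test pass without `imagePath` ever being called, although the `assertSame` on the replaced URL largely compensates.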