# frozen_string_literal: true

require 'spec_helper'

# Specs for Banzai::Filter::SyntaxHighlightFilter: language-parameter parsing,
# sourcepos passthrough, and behaviour when the Rouge lexer raises.
#
# NOTE(review): this copy of the file is damaged and will not parse as-is.
#   * The text between `%r{` and the following `"` in the "XSS prevention"
#     shared example is missing; the lost span appears to contain the rest of
#     that example plus the opening of at least one enclosing context.
#   * Every fixture and expected string shows bare text ("This is a test")
#     with no markup, so input and expected output look identical; the HTML
#     they originally carried appears to have been stripped.
# Restore both from the upstream file before relying on these examples.
RSpec.describe Banzai::Filter::SyntaxHighlightFilter do
  include FilterSpecHelper # presumably supplies the `filter` helper used below — confirm

  # Shared check that the filter's HTML output does not match a pattern for the
  # fixture's script tag. It is included again in both lexer-failure contexts
  # at the end of the file, so the error paths are held to the same escaping
  # requirement as the normal path.
  shared_examples "XSS prevention" do |lang|
    it "escapes HTML tags" do
      # This is how a script tag inside a code block is presented to this filter
      # after Markdown rendering.
      # NOTE(review): in this copy the fixture is a bare tag; upstream it is
      # probably entity-escaped inside code-block markup — confirm.
      result = filter(%{
<script>alert(1)</script>
})
      # `(1)` symbols are wrapped by lexer tags.
      # NOTE(review): the regex literal below is cut off (see header note), so
      # the exact pattern being rejected cannot be read from this copy.
      expect(result.to_html).not_to match(%r{" end end

    # NOTE(review): the context(s) that enclose this one are lost; only their
    # closing `end` survives below. Indentation here is a best guess.
    context 'when multiple param delimiters are used' do
      let(:lang) { 'suggestion' }
      let(:lang_params) { '-1+10' }

      # Output both delimiter examples must produce (newlines removed before
      # comparison by the examples themselves).
      let(:expected_result) do
        %{
This is a test
}
      end

      context 'when delimiter is space' do
        it 'delimits on the first appearance' do
          result = filter(%{
This is a test
})

          expect(result.to_html.delete("\n")).to eq(expected_result)
        end
      end

      context 'when delimiter is colon' do
        it 'delimits on the first appearance' do
          result = filter(%{
This is a test
})

          expect(result.to_html.delete("\n")).to eq(expected_result)
        end
      end
    end
  end

  context "when sourcepos metadata is available" do
    it "includes it in the highlighted code block" do
      result = filter('
This is a test
')

      expect(result.to_html.delete("\n")).to eq('
This is a test
')
    end
  end

  context "when Rouge lexing fails" do
    before do
      # Make the next Ruby lexer instance raise from `stream_tokens`, so the
      # filter runs its error path instead of normal highlighting.
      allow_next_instance_of(Rouge::Lexers::Ruby) do |instance|
        allow(instance).to receive(:stream_tokens).and_raise(StandardError)
      end
    end

    it "highlights as plaintext" do
      result = filter('
This is a test
')

      expect(result.to_html.delete("\n")).to eq('
This is a test
')
    end

    # A lexer error must not become a way around escaping: re-run the
    # script-tag check with the Ruby lexer failing.
    include_examples "XSS prevention", "ruby"
  end

  context "when Rouge lexing fails after a retry" do
    before do
      # Make the next PlainText lexer instance raise as well; judging by the
      # context name this is the lexer used on retry — confirm in the filter.
      allow_next_instance_of(Rouge::Lexers::PlainText) do |instance|
        allow(instance).to receive(:stream_tokens).and_raise(StandardError)
      end
    end

    it "does not add highlighting classes" do
      result = filter('
This is a test
')

      # Compared without stripping newlines, unlike the examples above.
      expect(result.to_html).to eq('
This is a test
')
    end

    # Same script-tag check for the case where the PlainText lexer also fails.
    include_examples "XSS prevention", "ruby"
  end
end