tainacan/tests/test-html-injection.php

<?php

namespace Tainacan\Tests;

/**
 * Class TestCollections
 *
 * @package Test_Tainacan
 */

/**
 * Sample test case.
 */
class HTML_Injection extends TAINACAN_UnitTestCase
{

	function test_item_metadata()
	{
		$Tainacan_Items = \Tainacan\Repositories\Items::get_instance();
		$Tainacan_Metadata = \Tainacan\Repositories\Metadata::get_instance();
		$Tainacan_Collections = \Tainacan\Repositories\Collections::get_instance();
		$Tainacan_Item_Metadata = \Tainacan\Repositories\Item_Metadata::get_instance();

		// Evil attempts
		$link   = "<a href='www.tainacan.org'>link</a>";
		$js     = "<script>alert('XSS')</script>";
		$css    = "my text along with some style <style>a { display: none }</style>";
		$iframe = "<iframe src='www.tainacan.org' title='Taiancan'></iframe>";

		// Accepted formatting
		$strong = "I have some info to tell the world. And I can <strong> bold it </strong>";
		$html	= "<div><h1>Main Info</h1><h3>sub title</h3><p>My structure description<p></p>and another paragraph</p></div>";

		$collection = $this->tainacan_entity_factory->create_entity(
			'collection',
			array(
				'name' => 'collection name <a href="www.tainacan.org">link <a href="link2.com.br"> link2 </a> </a>',
				'description' => 'collection description',
			),
			true
		);
		$collection = $Tainacan_Collections->fetch($collection->get_id());
		// $this->assertEquals($collection->get_name(), 'collection name link link2');
		
		$metadatum = $this->tainacan_entity_factory->create_entity(
			'metadatum',
			array(
				'name'              => 'metadatum name <a href="www.tainacan.org">link</a>',
				'description'       => 'metadatum description',
				'collection'        => $collection,
				'metadata_type'  => 'Tainacan\Metadata_Types\Text',
			),
			true
		);
		$metadatum = $Tainacan_Metadata->fetch($metadatum->get_id());
		// $this->assertEquals($metadatum->get_name(), 'metadatum name link');

		$item = $this->tainacan_entity_factory->create_entity(
			'item',
			array(
				'title'       => 'title item <script>console.log("XSS")</script>',
				'description' => 'description item  <iframe src="www.tainacan.org" title="Taiancan"></iframe>',
				'collection'  => $collection
			),
			true
		);
		$item = $Tainacan_Items->fetch($item->get_id());
		// $this->assertEquals($item->get_title(), 'title item console.log("XSS")');
		// $this->assertEquals($item->get_description(), 'description item');

		// Test metadata
		$item_metadata = new \Tainacan\Entities\Item_Metadata_Entity($item, $metadatum);
		$item_metadata->set_value($js);
		$item_metadata->validate();
		$item_metadata = $Tainacan_Item_Metadata->insert($item_metadata);

		$this->assertEquals($item_metadata->get_value(), "alert('XSS')");

		$item_metadata->set_value($link);
		$item_metadata->validate();
		$item_metadata = $Tainacan_Item_Metadata->update($item_metadata);
		$this->assertEquals($item_metadata->get_value(), 'link');

		$item_metadata->set_value($css);
		$item_metadata->validate();
		$item_metadata = $Tainacan_Item_Metadata->update($item_metadata);
		$this->assertEquals($item_metadata->get_value(), 'my text along with some style a { display: none }');

		$item_metadata->set_value($iframe);
		$item_metadata->validate();
		$item_metadata = $Tainacan_Item_Metadata->update($item_metadata);
		$this->assertEquals($item_metadata->get_value(), '');

		$item_metadata->set_value($strong);
		$item_metadata->validate();
		$item_metadata = $Tainacan_Item_Metadata->update($item_metadata);
		$this->assertEquals($item_metadata->get_value(), $strong);

		$item_metadata->set_value($html);
		$item_metadata->validate();
		$item_metadata = $Tainacan_Item_Metadata->update($item_metadata);
		$this->assertEquals($item_metadata->get_value(), $html);

		// Test terms
	}
}
feat: add test to injection HTML 2021-02-04 19:07:33 +00:00			`<?php`

			`namespace Tainacan\Tests;`

			`/**`
			`* Class TestCollections`
			`*`
			`* @package Test_Tainacan`
			`*/`

			`/**`
			`* Sample test case.`
			`*/`
			`class HTML_Injection extends TAINACAN_UnitTestCase`
			`{`

			`function test_item_metadata()`
			`{`
			`$Tainacan_Items = \Tainacan\Repositories\Items::get_instance();`
			`$Tainacan_Metadata = \Tainacan\Repositories\Metadata::get_instance();`
			`$Tainacan_Collections = \Tainacan\Repositories\Collections::get_instance();`
			`$Tainacan_Item_Metadata = \Tainacan\Repositories\Item_Metadata::get_instance();`

introduces new test cases 2021-02-05 15:05:16 +00:00			`// Evil attempts`
			`$link = "<a href='www.tainacan.org'>link</a>";`
			`$js = "<script>alert('XSS')</script>";`
			`$css = "my text along with some style <style>a { display: none }</style>";`
			`$iframe = "<iframe src='www.tainacan.org' title='Taiancan'></iframe>";`
Disallows a HTML tag from content 2021-02-05 04:37:26 +00:00
Adds tests for allowed tags 2021-02-05 15:25:52 +00:00			`// Accepted formatting`
			`$strong = "I have some info to tell the world. And I can <strong> bold it </strong>";`
			`$html = "<div><h1>Main Info</h1><h3>sub title</h3><p>My structure description<p></p>and another paragraph</p></div>";`

feat: add test to injection HTML 2021-02-04 19:07:33 +00:00			`$collection = $this->tainacan_entity_factory->create_entity(`
			`'collection',`
			`array(`
			`'name' => 'collection name <a href="www.tainacan.org">link <a href="link2.com.br"> link2 </a> </a>',`
			`'description' => 'collection description',`
			`),`
			`true`
			`);`
			`$collection = $Tainacan_Collections->fetch($collection->get_id());`
Better organizes html injection tests class 2021-02-05 14:26:30 +00:00			`// $this->assertEquals($collection->get_name(), 'collection name link link2');`

feat: add test to injection HTML 2021-02-04 19:07:33 +00:00			`$metadatum = $this->tainacan_entity_factory->create_entity(`
			`'metadatum',`
			`array(`
			`'name' => 'metadatum name <a href="www.tainacan.org">link</a>',`
			`'description' => 'metadatum description',`
			`'collection' => $collection,`
			`'metadata_type' => 'Tainacan\Metadata_Types\Text',`
			`),`
			`true`
			`);`
			`$metadatum = $Tainacan_Metadata->fetch($metadatum->get_id());`
Better organizes html injection tests class 2021-02-05 14:26:30 +00:00			`// $this->assertEquals($metadatum->get_name(), 'metadatum name link');`
feat: add test to injection HTML 2021-02-04 19:07:33 +00:00
			`$item = $this->tainacan_entity_factory->create_entity(`
			`'item',`
			`array(`
			`'title' => 'title item <script>console.log("XSS")</script>',`
			`'description' => 'description item <iframe src="www.tainacan.org" title="Taiancan"></iframe>',`
			`'collection' => $collection`
			`),`
			`true`
			`);`
			`$item = $Tainacan_Items->fetch($item->get_id());`
Better organizes html injection tests class 2021-02-05 14:26:30 +00:00			`// $this->assertEquals($item->get_title(), 'title item console.log("XSS")');`
			`// $this->assertEquals($item->get_description(), 'description item');`
feat: add test to injection HTML 2021-02-04 19:07:33 +00:00
Better organizes html injection tests class 2021-02-05 14:26:30 +00:00			`// Test metadata`
feat: add test to injection HTML 2021-02-04 19:07:33 +00:00			`$item_metadata = new \Tainacan\Entities\Item_Metadata_Entity($item, $metadatum);`
Better organizes html injection tests class 2021-02-05 14:26:30 +00:00			`$item_metadata->set_value($js);`
feat: add test to injection HTML 2021-02-04 19:07:33 +00:00			`$item_metadata->validate();`
			`$item_metadata = $Tainacan_Item_Metadata->insert($item_metadata);`

			`$this->assertEquals($item_metadata->get_value(), "alert('XSS')");`
Disallows a HTML tag from content 2021-02-05 04:37:26 +00:00
			`$item_metadata->set_value($link);`
			`$item_metadata->validate();`
			`$item_metadata = $Tainacan_Item_Metadata->update($item_metadata);`
			`$this->assertEquals($item_metadata->get_value(), 'link');`

introduces new test cases 2021-02-05 15:05:16 +00:00			`$item_metadata->set_value($css);`
			`$item_metadata->validate();`
			`$item_metadata = $Tainacan_Item_Metadata->update($item_metadata);`
			`$this->assertEquals($item_metadata->get_value(), 'my text along with some style a { display: none }');`

			`$item_metadata->set_value($iframe);`
			`$item_metadata->validate();`
			`$item_metadata = $Tainacan_Item_Metadata->update($item_metadata);`
			`$this->assertEquals($item_metadata->get_value(), '');`

Adds tests for allowed tags 2021-02-05 15:25:52 +00:00			`$item_metadata->set_value($strong);`
			`$item_metadata->validate();`
			`$item_metadata = $Tainacan_Item_Metadata->update($item_metadata);`
			`$this->assertEquals($item_metadata->get_value(), $strong);`

			`$item_metadata->set_value($html);`
			`$item_metadata->validate();`
			`$item_metadata = $Tainacan_Item_Metadata->update($item_metadata);`
			`$this->assertEquals($item_metadata->get_value(), $html);`

Better organizes html injection tests class 2021-02-05 14:26:30 +00:00			`// Test terms`
feat: add test to injection HTML 2021-02-04 19:07:33 +00:00			`}`
			`}`