# frozen_string_literal: true require 'rails_helper' require 'pretty_text' describe PrettyText do before do SiteSetting.enable_markdown_typographer = false end def n(html) html.strip end def cook(*args) PrettyText.cook(*args) end let(:wrapped_image) { "
" } describe "Quoting" do describe "with avatar" do let(:default_avatar) { "//test.localhost/uploads/default/avatars/42d/57c/46ce7ee487/{size}.png" } fab!(:user) { Fabricate(:user) } before do User.stubs(:default_template).returns(default_avatar) end it "do off topic quoting with emoji unescape" do topic = Fabricate(:topic, title: "this is a test topic :slight_smile:") expected = <<~HTML HTML expect(cook("[quote=\"EvilTrout, post:2, topic:#{topic.id}\"]\nddd\n[/quote]", topic_id: 1)).to eq(n(expected)) end context "emojis" do let(:md) do <<~MD > This is a quote with a regular emoji :upside_down_face: > This is a quote with an emoji shortcut :) > This is a quote with a Unicode emoji ๐ MD end it "does not unescape emojis when emojis are disabled" do SiteSetting.enable_emoji = false html = <<~HTMLThis is a quote with a regular emoji :upside_down_face:
This is a quote with an emoji shortcut :)
HTML expect(cook(md)).to eq(html.strip) end it "does not convert emoji shortcuts when emoji shortcuts are disabled" do SiteSetting.enable_emoji_shortcuts = false html = <<~HTMLThis is a quote with a Unicode emoji ๐
This is a quote with a regular emoji
This is a quote with an emoji shortcut :)
HTML expect(cook(md)).to eq(html.strip) end it "unescapes all emojis" do html = <<~HTMLThis is a quote with a Unicode emoji
This is a quote with a regular emoji
This is a quote with an emoji shortcut
HTML expect(cook(md)).to eq(html.strip) end it "adds an only-emoji class when a line has only one emoji" do md = <<~MD โน๏ธ foo ๐ foo ๐ bar :smile_cat: :smile_cat: :smile_cat: :smile_cat: :smile_cat: :smile_cat: :smile_cat: baz? :smile_cat: ๐ ๐ foo ๐ ๐ ๐ ๐ ๐ ๐ ๐ ๐๐๐ ๐ ๐ ๐ ๐d๐ ๐ ๐ ๐ ๐d ๐๐๐๐ MD html = <<~HTMLThis is a quote with a Unicode emoji
foo
foo bar
baz?
foo
dโ:wink:
d
This is a quote with a regular emoji
This is a quote with an emoji shortcut
HTML expect(cook(md)).to eq(html.strip) end it "does use emoji CDN when others CDNs are also enabled" do set_cdn_url('https://cdn.com') setup_s3 SiteSetting.s3_cdn_url = "https://s3.cdn.com" SiteSetting.external_emoji_url = "https://emoji.cdn.com" html = <<~HTMLThis is a quote with a Unicode emoji
This is a quote with a regular emoji
This is a quote with an emoji shortcut
HTML expect(cook(md)).to eq(html.strip) end end it "do off topic quoting of posts from secure categories" do category = Fabricate(:category, read_restricted: true) topic = Fabricate(:topic, title: "this is topic with secret category", category: category) expected = <<~HTML HTML expect(cook("[quote=\"maja, post:3, topic:#{topic.id}\"]\nI have nothing to say.\n[/quote]", topic_id: 1)).to eq(n(expected)) end it "indifferent about missing quotations" do md = <<~MD [quote=#{user.username}, post:123, topic:456, full:true] ddd [/quote] MD html = <<~HTML HTML expect(PrettyText.cook(md)).to eq(html.strip) end it "indifferent about curlies and no curlies" do md = <<~MD [quote=โ#{user.username}, post:123, topic:456, full:trueโ] ddd [/quote] MD html = <<~HTML HTML expect(PrettyText.cook(md)).to eq(html.strip) end it "trims spaces on quote params" do md = <<~MD [quote="#{user.username}, post:555, topic: 666"] ddd [/quote] MD html = <<~HTML HTML expect(PrettyText.cook(md)).to eq(html.strip) end end describe "with primary user group" do let(:default_avatar) { "//test.localhost/uploads/default/avatars/42d/57c/46ce7ee487/{size}.png" } fab!(:group) { Fabricate(:group) } fab!(:user) { Fabricate(:user, primary_group: group) } before do User.stubs(:default_template).returns(default_avatar) end it "adds primary group class to referenced users quote" do topic = Fabricate(:topic, title: "this is a test topic") expected = <<~HTML HTML expect(cook("[quote=\"#{user.username}, post:2, topic:#{topic.id}\"]\nddd\n[/quote]", topic_id: 1)).to eq(n(expected)) end end it "can handle inline block bbcode" do cooked = PrettyText.cook("[quote]te **s** t[/quote]") html = <<~HTML HTML expect(cooked).to eq(html.strip) end it "handles bbcode edge cases" do expect(PrettyText.cook "[constructor]\ntest").to eq("This is a quote with a Unicode emoji
[constructor]
\ntest
test test
\n@bob
") end it "should handle 3 mentions in a row" do expect(PrettyText.cook('@hello @hello @hello')).to match_html "@hello @hello @hello
" end it "can handle mention edge cases" do expect(PrettyText.cook("hi\n@s")).to eq("hi
\n@s
hi
\n@ss
hi
\n@s.
hi
\n@s.s
hi
\n@.s.s
hi
\n@user. @GROUP @somemention @group2
test @#{group.name} test
| ) end it "assigns the notify class if the user can mention" do group = Fabricate(:group, visibility_level: Group.visibility_levels[:members], mentionable_level: Group::ALIAS_LEVELS[:members_mods_and_admins] ) expect(PrettyText.cook("test @#{group.name} test", user_id: Fabricate(:admin).id)).to eq( %Q|test @#{group.name} test
| ) end it 'does not mention staged users' do user = Fabricate(:user, staged: true) expect(PrettyText.cook("something @#{user.username} something")).to eq( %Q|something @#{user.username} something
| ) end describe 'when mentions are disabled' do before do SiteSetting.enable_mentions = false end it 'should not convert mentions to links' do _user = Fabricate(:user) expect(PrettyText.cook('hi @user')).to eq('hi @user
') end end it "can handle mentions inside a hyperlink" do expect(PrettyText.cook(" @inner ")).to match_html '' end it "can handle mentions inside a hyperlink" do expect(PrettyText.cook("[link @inner](http://site.com)")).to match_html '' end it "can handle a list of mentions" do expect(PrettyText.cook("@a,@b")).to match_html('@a,@b
') end it "should handle group mentions with a hyphen and without" do expect(PrettyText.cook('@hello @hello-hello')).to match_html "@hello @hello-hello
" end it 'should allow for @mentions to have punctuation' do expect(PrettyText.cook("hello @bob's @bob,@bob; @bob\"")).to match_html( "hello @bob's @bob,@bob; @bob\"
" ) end it 'should not treat a medium link as a mention' do expect(PrettyText.cook(". http://test/@sam")).not_to include('mention') end context "with Unicode usernames disabled" do before { SiteSetting.unicode_usernames = false } it 'does not detect mention' do expect(PrettyText.cook("Hello @็ฎๅญ")).to_not include("mention") end end context "with Unicode usernames enabled" do before { SiteSetting.unicode_usernames = true } it 'does detect mention' do expect(PrettyText.cook("Hello @็ฎๅญ")).to match_html 'Hello @็ฎๅญ
' end end end describe "code fences" do it 'indents code correctly' do code = <<~MD X ``` # x ``` MD cooked = PrettyText.cook(code) html = <<~HTMLX
#
x
HTML
expect(cooked).to eq(html.strip)
end
it "doesn't replace emoji in code blocks with our emoji sets if emoji is enabled" do
expect(PrettyText.cook("```\n๐ฃ`\n```\n")).not_to match(/\:bomb\:/)
end
it 'can include code class correctly' do
# keep in mind spaces should be trimmed per spec
expect(PrettyText.cook("``` ruby the mooby\n`````")).to eq('
')
expect(PrettyText.cook("```cpp\ncpp\n```")).to match_html("cpp\n
")
expect(PrettyText.cook("```\ncpp\n```")).to match_html("cpp\n
")
expect(PrettyText.cook("```text\ncpp\n```")).to match_html("cpp\n
")
end
it 'indents code correctly' do
code = "X\n```\n\n #\n x\n```"
cooked = PrettyText.cook(code)
expect(cooked).to match_html("X
\n\n #\n x\n
")
end
it 'does censor code fences' do
begin
['apple', 'banana'].each { |w| Fabricate(:watched_word, word: w, action: WatchedWord.actions[:censor]) }
expect(PrettyText.cook("# banana")).not_to include('banana')
ensure
Discourse.redis.flushdb
end
end
it "strips out unicode bidirectional (bidi) override characters and replaces with a highlighted span" do
code = <<~MD
X
```js
var isAdmin = false;
/*โฎ begin admin only */โฆ if (isAdmin) โฉ โฆ {
console.log("You are an admin.");
/* end admins only โฎ*/โฆ }
```
MD
cooked = PrettyText.cook(code)
hidden_bidi_title = I18n.t("post.hidden_bidi_character")
html = <<~HTML
X
var isAdmin = false;
/*<U+202E> begin admin only */<U+2066> if (isAdmin) <U+2069> <U+2066> {
console.log("You are an admin.");
/* end admins only <U+202E>*/<U+2066> }
HTML
expect(cooked).to eq(html.strip)
end
it "fuzzes all possible dangerous unicode bidirectional (bidi) override characters, making sure they are replaced" do
bad_bidi = [
"\u202A",
"\u202B",
"\u202C",
"\u202D",
"\u202E",
"\u2066",
"\u2067",
"\u2068",
"\u2069",
]
bad_bidi.each do |bidi|
code = <<~MD
```
#{bidi}
```
MD
cooked = PrettyText.cook(code)
formatted_bidi = format("<U+%04X>", bidi.ord)
html = <<~HTML
#{formatted_bidi}
HTML
expect(cooked).to eq(html.strip)
end
end
it "fuzzes all possible dangerous unicode bidirectional (bidi) override characters in solo code and pre nodes, making sure they are replaced" do
bad_bidi = [
"\u202A",
"\u202B",
"\u202C",
"\u202D",
"\u202E",
"\u2066",
"\u2067",
"\u2068",
"\u2069",
]
bad_bidi.each do |bidi|
code = <<~MD
#{bidi}
MD
cooked = PrettyText.cook(code)
formatted_bidi = format("<U+%04X>", bidi.ord)
html = <<~HTML
#{formatted_bidi}
#{bidi}MD cooked = PrettyText.cook(code) formatted_bidi = format("<U+%04X>", bidi.ord) html = <<~HTML
#{formatted_bidi}
HTML
expect(cooked).to eq(html.strip)
end
end
end
describe "rel attributes" do
before do
SiteSetting.add_rel_nofollow_to_user_content = true
SiteSetting.exclude_rel_nofollow_domains = "foo.com|bar.com"
end
it "should inject nofollow in all user provided links" do
expect(PrettyText.cook('cnn')).to match(/noopener nofollow ugc/)
end
it "should not inject nofollow in all local links" do
expect(PrettyText.cook("cnn") !~ /nofollow ugc/).to eq(true)
end
it "should not inject nofollow in all subdomain links" do
expect(PrettyText.cook("cnn") !~ /nofollow ugc/).to eq(true)
end
it "should inject nofollow in all non subdomain links" do
expect(PrettyText.cook("cnn")).to match(/nofollow ugc/)
end
it "should not inject nofollow for foo.com" do
expect(PrettyText.cook("cnn") !~ /nofollow ugc/).to eq(true)
end
it "should inject nofollow for afoo.com" do
expect(PrettyText.cook("cnn")).to match(/nofollow ugc/)
end
it "should not inject nofollow for bar.foo.com" do
expect(PrettyText.cook("cnn") !~ /nofollow ugc/).to eq(true)
end
it "should not inject nofollow if omit_nofollow option is given" do
expect(PrettyText.cook('cnn', omit_nofollow: true) !~ /nofollow ugc/).to eq(true)
end
it 'adds the noopener attribute even if omit_nofollow option is given' do
raw_html = 'Check out my site!'
expect(
PrettyText.cook(raw_html, omit_nofollow: true)
).to match(/noopener/)
end
it 'adds the noopener attribute even if omit_nofollow option is given' do
raw_html = 'Check out my site!'
expect(
PrettyText.cook(raw_html, omit_nofollow: false)
).to match(/noopener nofollow ugc/)
end
end
describe "Excerpt" do
it "sanitizes attempts to inject invalid attributes" do
spinner = "", 100)).to eq("[image]")
end
context 'alt tags' do
it "should keep alt tags" do
expect(PrettyText.excerpt("", 100)).to eq("[car]")
end
describe 'when alt tag is empty' do
it "should not keep alt tags" do
expect(PrettyText.excerpt("", 100)).to eq("[#{I18n.t('excerpt_image')}]")
end
end
end
context 'title tags' do
it "should keep title tags" do
expect(PrettyText.excerpt("", 100)).to eq("[car]")
end
describe 'when title tag is empty' do
it "should not keep title tags" do
expect(PrettyText.excerpt("", 100)).to eq("[#{I18n.t('excerpt_image')}]")
end
end
end
it "should convert images to markdown if the option is set" do
expect(PrettyText.excerpt("", 100, markdown_images: true)).to eq("![car](http://cnn.com/a.gif)")
end
it "should keep details if too long" do
expect(PrettyText.excerpt("hello
hello
", 100)).to eq("") end it "should truncate stuff properly" do expect(PrettyText.excerpt("hello world", 5)).to eq("hello…") expect(PrettyText.excerpt("
hello
world
", 6)).to eq("hello w…") end it "should insert a space between to Ps" do expect(PrettyText.excerpt("a
b
", 5)).to eq("a b") end it "should strip quotes" do expect(PrettyText.excerpt("boom", 5)).to eq("boom") end it "should not count the surrounds of a link" do expect(PrettyText.excerpt("cnn", 3)).to match_html "cnn" end it "uses an ellipsis instead of html entities if provided with the option" do expect(PrettyText.excerpt("cnn", 2, text_entities: true)).to match_html "cn..." end it "should truncate links" do expect(PrettyText.excerpt("cnn", 2)).to match_html "cn…" end it "doesn't extract empty quotes as links" do expect(PrettyText.extract_links("\n").to_a).to be_empty end it "doesn't extract links from elided parts" do expect(PrettyText.extract_links("<h3>Hours</h3>
", 100)).to eq("<h3>Hours</h3>")
end
it "should handle nil" do
expect(PrettyText.excerpt(nil, 100)).to eq('')
end
it "handles custom bbcode excerpt" do
raw = <<~RAW
[excerpt]
hello [site](https://site.com)
[/excerpt]
more stuff
RAW
post = Fabricate(:post, raw: raw)
expect(post.excerpt).to eq("hello site")
end
it "handles div excerpt at the beginning of a post" do
expect(PrettyText.excerpt("Listen to this!
HTML expect(PrettyText.excerpt(html, 100)).to eq("Listen to this!") html = <<~HTMLWatch this, but do not include the video in the excerpt.
HTML ellipsis = "…" excerpt_size = 40 excerpt = PrettyText.excerpt(html, excerpt_size) expect(excerpt.size).to eq(excerpt_size + ellipsis.size) expect(excerpt).to eq("Watch this, but do not include the video#{ellipsis}") end end describe "strip links" do it "returns blank for blank input" do expect(PrettyText.strip_links("")).to be_blank end it "does nothing to a string without links" do expect(PrettyText.strip_links("I'm the batman")).to eq("I'm the batman") end it "strips links but leaves the text content" do expect(PrettyText.strip_links("I'm the linked batman")).to eq("I'm the linked batman") end it "escapes the text content" do expect(PrettyText.strip_links("I'm the linked <batman>")).to eq("I'm the linked <batman>") end end describe "strip_image_wrapping" do def strip_image_wrapping(html) doc = Nokogiri::HTML5.fragment(html) described_class.strip_image_wrapping(doc) doc.to_html end it "doesn't change HTML when there's no wrapped image" do html = "" expect(strip_image_wrapping(html)).to eq(html) end it "strips the metadata" do expect(strip_image_wrapping(wrapped_image)).to match_html "" end end describe 'format_for_email' do let(:base_url) { "http://baseurl.net" } fab!(:post) { Fabricate(:post) } before do Discourse.stubs(:base_url).returns(base_url) end it 'does not crash' do PrettyText.format_for_email('test', post) end it "adds base url to relative links" do html = "@wiseguy, @trollol what do you guys think?
" output = described_class.format_for_email(html, post) expect(output).to eq("@wiseguy, @trollol what do you guys think?
") end it "doesn't change external absolute links" do html = "Check out this guy.
" expect(described_class.format_for_email(html, post)).to eq(html) end it "doesn't change internal absolute links" do html = "Check out this guy.
" expect(described_class.format_for_email(html, post)).to eq(html) end it "can tolerate invalid URLs" do html = "Check out this guy.
" expect { described_class.format_for_email(html, post) }.to_not raise_error end it "doesn't change mailto" do html = "Contact me at this address.
" expect(PrettyText.format_for_email(html, post)).to eq(html) end it "prefers data-original-href attribute to get Vimeo iframe link and escapes it" do html = "Check out this video โ .
" expect(PrettyText.format_for_email(html, post)).to match(Regexp.escape("https://vimeo.com/329875646/%3E%20%3Cscript%3Ealert(1)%3C/script%3E")) end describe "#convert_vimeo_iframes" do it "converts