Filtered scripts in custom HTML head for exports

Done because these scripts appeared to cause problems in some scenarios.
Related to #2490
Dan Brown
2021-05-03 23:59:52 +01:00
parent c50ac022a8
commit 43b6633183
10 changed files with 101 additions and 74 deletions


@ -1,5 +1,6 @@
<?php namespace Tests\Entity;
use BookStack\Entities\Models\Book;
use BookStack\Entities\Models\Chapter;
use BookStack\Entities\Models\Page;
use Illuminate\Support\Facades\Storage;
@ -214,4 +215,19 @@ class ExportTest extends TestCase
$resp->assertSee('src="/uploads/svg_test.svg"');
}
public function test_exports_removes_scripts_from_custom_head()
{
$entities = [
Page::query()->first(), Chapter::query()->first(), Book::query()->first(),
];
setting()->put('app-custom-head', '<script>window.donkey = "cat";</script><style>.my-test-class { color: red; }</style>');
foreach ($entities as $entity) {
$resp = $this->asEditor()->get($entity->getUrl('/export/html'));
$resp->assertDontSee('window.donkey');
$resp->assertDontSee('script');
$resp->assertSee('.my-test-class { color: red; }');
}
}
}
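Review bot: `$resp->assertDontSee('script');` in test_exports_removes_scripts_from_custom_head matches the bare word anywhere in the export response, so it can fail on unrelated text such as "description" or "JavaScript" in seeded content or the export template, and it does not pin what the filter is meant to strip. Asserting on the tag is tighter: `$resp->assertDontSee('<script');` (pass `false` as a second argument if the framework version in use HTML-escapes the value by default). The fixture also covers only a literal `<script>` element in the HTML export. The filter itself is outside this section, so it may be worth adding cases for other script-carrying markup in the custom head, and for the other export formats if they reuse this head, so that a regression in the sanitising step is caught.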