xref: /webtrees/tests/app/Elements/AbstractElementTestCase.php (revision 1da5dadd02c9f21e0a345e21a19b2c63ae792ed3)
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2023 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Elements;
21
22use Fisharebest\Webtrees\Contracts\ElementInterface;
23use Fisharebest\Webtrees\TestCase;
24use Fisharebest\Webtrees\Tree;
25
26/**
27 * Common tests for ElementInterface
28 */
29abstract class AbstractElementTestCase extends TestCase
30{
31    private const EVIL_VALUE = '<script>evil()</script>';
32    private const TEST_VALUE = '01 JAN 1970';
33
34    protected static ElementInterface $element;
35
36    public function testCanonical(): void
37    {
38        self::assertSame('Foo bAr baZ', self::$element->canonical('Foo  bAr  baZ'));
39        self::assertSame('Foo bAr baZ', self::$element->canonical("\t Foo\t bAr \tbaZ\t "));
40        self::assertSame('Foo bAr baZ', self::$element->canonical("\nFoo \n\r bAr \r\n baZ\r"));
41    }
42
43    public function testEscapeAtSigns(): void
44    {
45        if (static::$element instanceof AbstractXrefElement) {
46            self::assertSame('@X123@', static::$element->escape('@X123@'));
47        } else {
48            self::assertSame('@@X123@@', static::$element->escape('@X123@'));
49        }
50    }
51
52    public function testXssInValue(): void
53    {
54        $tree    = $this->createMock(Tree::class);
55        $html    = static::$element->value(self::EVIL_VALUE, $tree);
56        $message = 'XSS vulnerability in value()';
57
58        self::assertStringNotContainsStringIgnoringCase(self::EVIL_VALUE, $html, $message);
59    }
60
61    public function testXssInLabelValue(): void
62    {
63        $tree    = $this->createMock(Tree::class);
64        $html    = static::$element->labelValue(self::EVIL_VALUE, $tree);
65        $message = 'XSS vulnerability in labelValue()';
66
67        self::assertStringNotContainsStringIgnoringCase(self::EVIL_VALUE, $html, $message);
68    }
69
70    public function testXssInEdit(): void
71    {
72        $tree    = $this->createMock(Tree::class);
73        $html    = static::$element->edit('id', 'name', self::EVIL_VALUE, $tree);
74        $message = 'XSS vulnerability in edit()';
75
76        self::assertStringNotContainsStringIgnoringCase(self::EVIL_VALUE, $html, $message);
77    }
78
79    public function testValidHtmlInValue(): void
80    {
81        $tree = $this->createMock(Tree::class);
82        $html = static::$element->value(self::TEST_VALUE, $tree);
83
84        $this->validateHtml($html);
85    }
86
87    public function testValidHtmlInEdit(): void
88    {
89        $tree = $this->createMock(Tree::class);
90        $html = static::$element->edit('id', 'name', self::TEST_VALUE, $tree);
91
92        $this->validateHtml($html);
93    }
94}
95