xref: /webtrees/tests/app/Elements/AbstractElementTestCase.php (revision 211018ab9ab6a5da13d161c40032525dfebcd13f)
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2023 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Elements;
21
22use Fisharebest\Webtrees\Contracts\ElementInterface;
23use Fisharebest\Webtrees\TestCase;
24use Fisharebest\Webtrees\Tree;
25
26abstract class AbstractElementTestCase extends TestCase
27{
28    private const EVIL_VALUE = '<script>evil()</script>';
29    private const TEST_VALUE = '01 JAN 1970';
30
31    protected static ElementInterface $element;
32
33    public function testCanonical(): void
34    {
35        self::assertSame('Foo bAr baZ', self::$element->canonical('Foo  bAr  baZ'));
36        self::assertSame('Foo bAr baZ', self::$element->canonical("\t Foo\t bAr \tbaZ\t "));
37        self::assertSame('Foo bAr baZ', self::$element->canonical("\nFoo \n\r bAr \r\n baZ\r"));
38    }
39
40    public function testEscapeAtSigns(): void
41    {
42        if (static::$element instanceof AbstractXrefElement) {
43            self::assertSame('@X123@', static::$element->escape('@X123@'));
44        } else {
45            self::assertSame('@@X123@@', static::$element->escape('@X123@'));
46        }
47    }
48
49    public function testXssInValue(): void
50    {
51        $tree    = $this->createMock(Tree::class);
52        $html    = static::$element->value(self::EVIL_VALUE, $tree);
53        $message = 'XSS vulnerability in value()';
54
55        self::assertStringNotContainsStringIgnoringCase(self::EVIL_VALUE, $html, $message);
56    }
57
58    public function testXssInLabelValue(): void
59    {
60        $tree    = $this->createMock(Tree::class);
61        $html    = static::$element->labelValue(self::EVIL_VALUE, $tree);
62        $message = 'XSS vulnerability in labelValue()';
63
64        self::assertStringNotContainsStringIgnoringCase(self::EVIL_VALUE, $html, $message);
65    }
66
67    public function testXssInEdit(): void
68    {
69        $tree    = $this->createMock(Tree::class);
70        $html    = static::$element->edit('id', 'name', self::EVIL_VALUE, $tree);
71        $message = 'XSS vulnerability in edit()';
72
73        self::assertStringNotContainsStringIgnoringCase(self::EVIL_VALUE, $html, $message);
74    }
75
76    public function testValidHtmlInValue(): void
77    {
78        $tree = $this->createMock(Tree::class);
79        $html = static::$element->value(self::TEST_VALUE, $tree);
80
81        $this->validateHtml($html);
82    }
83
84    public function testValidHtmlInEdit(): void
85    {
86        $tree = $this->createMock(Tree::class);
87        $html = static::$element->edit('id', 'name', self::TEST_VALUE, $tree);
88
89        $this->validateHtml($html);
90    }
91}
92