xref: /webtrees/tests/app/Elements/AbstractElementTestCase.php (revision 234e0863a607ff8e5f8e78a7fefe5366f39f8ebf)
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2023 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Elements;
21
22use Fisharebest\Webtrees\Contracts\ElementInterface;
23use Fisharebest\Webtrees\TestCase;
24use Fisharebest\Webtrees\Tree;
25
26
27abstract class AbstractElementTestCase extends TestCase
28{
29    private const EVIL_VALUE = '<script>evil()</script>';
30    private const TEST_VALUE = '01 JAN 1970';
31
32    protected static ElementInterface $element;
33
34    public function testCanonical(): void
35    {
36        self::assertSame('Foo bAr baZ', self::$element->canonical('Foo  bAr  baZ'));
37        self::assertSame('Foo bAr baZ', self::$element->canonical("\t Foo\t bAr \tbaZ\t "));
38        self::assertSame('Foo bAr baZ', self::$element->canonical("\nFoo \n\r bAr \r\n baZ\r"));
39    }
40
41    public function testEscapeAtSigns(): void
42    {
43        if (static::$element instanceof AbstractXrefElement) {
44            self::assertSame('@X123@', static::$element->escape('@X123@'));
45        } else {
46            self::assertSame('@@X123@@', static::$element->escape('@X123@'));
47        }
48    }
49
50    public function testXssInValue(): void
51    {
52        $tree    = $this->createMock(Tree::class);
53        $html    = static::$element->value(self::EVIL_VALUE, $tree);
54        $message = 'XSS vulnerability in value()';
55
56        self::assertStringNotContainsStringIgnoringCase(self::EVIL_VALUE, $html, $message);
57    }
58
59    public function testXssInLabelValue(): void
60    {
61        $tree    = $this->createMock(Tree::class);
62        $html    = static::$element->labelValue(self::EVIL_VALUE, $tree);
63        $message = 'XSS vulnerability in labelValue()';
64
65        self::assertStringNotContainsStringIgnoringCase(self::EVIL_VALUE, $html, $message);
66    }
67
68    public function testXssInEdit(): void
69    {
70        $tree    = $this->createMock(Tree::class);
71        $html    = static::$element->edit('id', 'name', self::EVIL_VALUE, $tree);
72        $message = 'XSS vulnerability in edit()';
73
74        self::assertStringNotContainsStringIgnoringCase(self::EVIL_VALUE, $html, $message);
75    }
76
77    public function testValidHtmlInValue(): void
78    {
79        $tree = $this->createMock(Tree::class);
80        $html = static::$element->value(self::TEST_VALUE, $tree);
81
82        $this->validateHtml($html);
83    }
84
85    public function testValidHtmlInEdit(): void
86    {
87        $tree = $this->createMock(Tree::class);
88        $html = static::$element->edit('id', 'name', self::TEST_VALUE, $tree);
89
90        $this->validateHtml($html);
91    }
92}
93