xref: /webtrees/tests/app/Elements/AbstractElementTestCase.php (revision b66f5d1a598af9dae3642e6df8d62dc086ee8a44)
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2023 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Elements;
21
22use Fisharebest\Webtrees\Contracts\ElementInterface;
23use Fisharebest\Webtrees\TestCase;
24use Fisharebest\Webtrees\Tree;
25
26/**
27 * Common tests for ElementInterface
28 */
29abstract class AbstractElementTestCase extends TestCase
30{
31    private const EVIL_VALUE = '<script>evil()</script>';
32    private const TEST_VALUE = '01 JAN 1970';
33
34    protected static ElementInterface $element;
35
36    /**
37     * @return void
38     */
39    public function testCanonical(): void
40    {
41        self::assertSame('Foo bAr baZ', self::$element->canonical('Foo  bAr  baZ'));
42        self::assertSame('Foo bAr baZ', self::$element->canonical("\t Foo\t bAr \tbaZ\t "));
43        self::assertSame('Foo bAr baZ', self::$element->canonical("\nFoo \n\r bAr \r\n baZ\r"));
44    }
45
46    /**
47     * @return void
48     */
49    public function testEscapeAtSigns(): void
50    {
51        if (static::$element instanceof AbstractXrefElement) {
52            self::assertSame('@X123@', static::$element->escape('@X123@'));
53        } else {
54            self::assertSame('@@X123@@', static::$element->escape('@X123@'));
55        }
56    }
57
58    /**
59     * @return void
60     */
61    public function testXssInValue(): void
62    {
63        $tree    = $this->createMock(Tree::class);
64        $html    = static::$element->value(self::EVIL_VALUE, $tree);
65        $message = 'XSS vulnerability in value()';
66
67        self::assertStringNotContainsStringIgnoringCase(self::EVIL_VALUE, $html, $message);
68    }
69
70    /**
71     * @return void
72     */
73    public function testXssInLabelValue(): void
74    {
75        $tree    = $this->createMock(Tree::class);
76        $html    = static::$element->labelValue(self::EVIL_VALUE, $tree);
77        $message = 'XSS vulnerability in labelValue()';
78
79        self::assertStringNotContainsStringIgnoringCase(self::EVIL_VALUE, $html, $message);
80    }
81
82    /**
83     * @return void
84     */
85    public function testXssInEdit(): void
86    {
87        $tree    = $this->createMock(Tree::class);
88        $html    = static::$element->edit('id', 'name', self::EVIL_VALUE, $tree);
89        $message = 'XSS vulnerability in edit()';
90
91        self::assertStringNotContainsStringIgnoringCase(self::EVIL_VALUE, $html, $message);
92    }
93
94    /**
95     * @return void
96     */
97    public function testValidHtmlInValue(): void
98    {
99        $tree = $this->createMock(Tree::class);
100        $html = static::$element->value(self::TEST_VALUE, $tree);
101
102        $this->validateHtml($html);
103    }
104
105    /**
106     * @return void
107     */
108    public function testValidHtmlInEdit(): void
109    {
110        $tree = $this->createMock(Tree::class);
111        $html = static::$element->edit('id', 'name', self::TEST_VALUE, $tree);
112
113        $this->validateHtml($html);
114    }
115}
116