# Pleroma: A lightweight social networking server # Copyright © 2017-2021 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do use Pleroma.DataCase, async: true alias Pleroma.Web.ActivityPub.MRF alias Pleroma.Web.ActivityPub.MRF.NormalizeMarkup @html_sample """ this is in bold

this is a paragraph

this is a linebreak
this is a link with allowed "rel" attribute: example.com this is a link with not allowed "rel" attribute: example.com this is an image:

mean

""" @expected """ this is in bold

this is a paragraph

this is a linebreak
this is a link with allowed "rel" attribute: example.com this is a link with not allowed "rel" attribute: example.com this is an image:

alert('hacked') mean

""" test "it filter html tags" do message = %{"type" => "Create", "object" => %{"content" => @html_sample}} assert {:ok, res} = NormalizeMarkup.filter(message) assert res["object"]["content"] == @expected end test "history-aware" do message = %{ "type" => "Create", "object" => %{ "content" => @html_sample, "formerRepresentations" => %{"orderedItems" => [%{"content" => @html_sample}]} } } assert {:ok, res} = MRF.filter_one(NormalizeMarkup, message) assert %{ "content" => @expected, "formerRepresentations" => %{"orderedItems" => [%{"content" => @expected}]} } = res["object"] end test "works with Updates" do message = %{ "type" => "Update", "object" => %{ "content" => @html_sample, "formerRepresentations" => %{"orderedItems" => [%{"content" => @html_sample}]} } } assert {:ok, res} = MRF.filter_one(NormalizeMarkup, message) assert %{ "content" => @expected, "formerRepresentations" => %{"orderedItems" => [%{"content" => @expected}]} } = res["object"] end test "it skips filter if type isn't `Create` or `Update`" do message = %{"type" => "Note", "object" => %{}} assert {:ok, res} = NormalizeMarkup.filter(message) assert res == message end end