# Specs for Formatter, covering status text, spoiler text and account notes.
#
# What the examples below exercise, as far as this copy shows:
#   * shared examples 'encode and link URLs': the href produced for bare URLs
#     (trailing punctuation, surrounding quotes, brackets and parentheses,
#     IDN hosts, non-ASCII paths and query strings), hashtag links, and the
#     security-relevant cases: HTML that follows a URL must not be pulled into
#     the href, and HTML typed into a post must come out escaped.
#   * #format_spoiler, #format, #plaintext and #simplified_format: plain text,
#     line feeds, linkable and unlinkable mentions, and custom-emoji
#     shortcodes when custom_emojify: true is passed.
#   * examples named 'strips the scripts' and 'strips the malicious classes',
#     the latter asserting that 'status__content__spoiler-link' is absent from
#     the output.
#   * a sanitize call made with Sanitize::Config::GABSOCIAL_STRICT.
#
# NOTE(review): this copy appears to have lost markup inside many string and
# regex literals, probably because the HTML in them was rendered when the page
# was captured. Signs of that: `let(:text) { '' }` in the angle-bracket and
# script-tag contexts, `match(/` patterns with no visible closing delimiter,
# and examples named 'escapes the HTML' whose expected literal shows a raw
# script or img tag. An escaping test should expect the entity-encoded form,
# so as printed here those expectations read as the opposite of their intent.
# Confirm every literal against the repository copy before reusing or running
# this file.
require 'rails_helper' RSpec.describe Formatter do let(:local_account) { Fabricate(:account, domain: nil, username: 'alice') } let(:remote_account) { Fabricate(:account, domain: 'remote.test', username: 'bob', url: 'https://remote.test/') } shared_examples 'encode and link URLs' do context 'given a stand-alone medium URL' do let(:text) { 'https://hackernoon.com/the-power-to-build-communities-a-response-to-mark-zuckerberg-3f2cac9148a4' } it 'matches the full URL' do is_expected.to include 'href="https://hackernoon.com/the-power-to-build-communities-a-response-to-mark-zuckerberg-3f2cac9148a4"' end end context 'given a stand-alone google URL' do let(:text) { 'http://google.com' } it 'matches the full URL' do is_expected.to include 'href="http://google.com"' end end context 'given a stand-alone IDN URL' do let(:text) { 'https://nic.みんな/' } it 'matches the full URL' do is_expected.to include 'href="https://nic.みんな/"' end it 'has display URL' do is_expected.to include 'nic.みんな/' end end context 'given a URL with a trailing period' do let(:text) { 'http://www.mcmansionhell.com/post/156408871451/50-states-of-mcmansion-hell-scottsdale-arizona. ' } it 'matches the full URL but not the period' do is_expected.to include 'href="http://www.mcmansionhell.com/post/156408871451/50-states-of-mcmansion-hell-scottsdale-arizona"' end end context 'given a URL enclosed with parentheses' do let(:text) { '(http://google.com/)' } it 'matches the full URL but not the parentheses' do is_expected.to include 'href="http://google.com/"' end end context 'given a URL with a trailing exclamation point' do let(:text) { 'http://www.google.com!' 
} it 'matches the full URL but not the exclamation point' do is_expected.to include 'href="http://www.google.com"' end end context 'given a URL with a trailing single quote' do let(:text) { "http://www.google.com'" } it 'matches the full URL but not the single quote' do is_expected.to include 'href="http://www.google.com"' end end context 'given a URL with a trailing angle bracket' do let(:text) { 'http://www.google.com>' } it 'matches the full URL but not the angle bracket' do is_expected.to include 'href="http://www.google.com"' end end context 'given a URL with a query string' do context 'with escaped unicode character' do let(:text) { 'https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&q=autolink' } it 'matches the full URL' do is_expected.to include 'href="https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&q=autolink"' end end context 'with unicode character' do let(:text) { 'https://www.ruby-toolbox.com/search?utf8=✓&q=autolink' } it 'matches the full URL' do is_expected.to include 'href="https://www.ruby-toolbox.com/search?utf8=✓&q=autolink"' end end context 'with unicode character at the end' do let(:text) { 'https://www.ruby-toolbox.com/search?utf8=✓' } it 'matches the full URL' do is_expected.to include 'href="https://www.ruby-toolbox.com/search?utf8=✓"' end end context 'with escaped and not escaped unicode characters' do let(:text) { 'https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&utf81=✓&q=autolink' } it 'preserves escaped unicode characters' do is_expected.to include 'href="https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&utf81=✓&q=autolink"' end end end context 'given a URL with parentheses in it' do let(:text) { 'https://en.wikipedia.org/wiki/Diaspora_(software)' } it 'matches the full URL' do is_expected.to include 'href="https://en.wikipedia.org/wiki/Diaspora_(software)"' end end context 'given a URL in quotation marks' do let(:text) { '"https://example.com/"' } it 'does not match the quotation marks' do is_expected.to include 
'href="https://example.com/"' end end context 'given a URL in angle brackets' do let(:text) { '' } it 'does not match the angle brackets' do is_expected.to include 'href="https://example.com/"' end end context 'given a URL with Japanese path string' do let(:text) { 'https://ja.wikipedia.org/wiki/日本' } it 'matches the full URL' do is_expected.to include 'href="https://ja.wikipedia.org/wiki/日本"' end end context 'given a URL with Korean path string' do let(:text) { 'https://ko.wikipedia.org/wiki/대한민국' } it 'matches the full URL' do is_expected.to include 'href="https://ko.wikipedia.org/wiki/대한민국"' end end context 'given a URL with a full-width space' do let(:text) { 'https://example.com/ abc123' } it 'does not match the full-width space' do is_expected.to include 'href="https://example.com/"' end end context 'given a URL in Japanese quotation marks' do let(:text) { '「[https://example.org/」' } it 'does not match the quotation marks' do is_expected.to include 'href="https://example.org/"' end end context 'given a URL with Simplified Chinese path string' do let(:text) { 'https://baike.baidu.com/item/中华人民共和国' } it 'matches the full URL' do is_expected.to include 'href="https://baike.baidu.com/item/中华人民共和国"' end end context 'given a URL with Traditional Chinese path string' do let(:text) { 'https://zh.wikipedia.org/wiki/臺灣' } it 'matches the full URL' do is_expected.to include 'href="https://zh.wikipedia.org/wiki/臺灣"' end end context 'given a URL containing unsafe code (XSS attack, visible part)' do let(:text) { %q{http://example.com/bb} } it 'does not include the HTML in the URL' do is_expected.to include '"http://example.com/b"' end it 'escapes the HTML' do is_expected.to include '<del>b</del>' end end context 'given a URL containing unsafe code (XSS attack, invisible part)' do let(:text) { %q{http://example.com/blahblahblahblah/a} } it 'does not include the HTML in the URL' do is_expected.to include '"http://example.com/blahblahblahblah/a"' end it 'escapes the HTML' do 
is_expected.to include '<script>alert("Hello")</script>' end end context 'given text containing HTML code (script tag)' do let(:text) { '' } it 'escapes the HTML' do is_expected.to include '

<script>alert("Hello")</script>

' end end context 'given text containing HTML (XSS attack)' do let(:text) { %q{} } it 'escapes the HTML' do is_expected.to include '

<img src="javascript:alert('XSS');">

' end end context 'given an invalid URL' do let(:text) { 'http://www\.google\.com' } it 'outputs the raw URL' do is_expected.to eq '

http://www\.google\.com

' end end context 'given text containing a hashtag' do let(:text) { '#hashtag' } it 'creates a hashtag link' do is_expected.to include '/tags/hashtag" class="mention hashtag" rel="tag">#hashtag' end end context 'given text containing a hashtag with Unicode chars' do let(:text) { '#hashtagタグ' } it 'creates a hashtag link' do is_expected.to include '/tags/hashtag%E3%82%BF%E3%82%B0" class="mention hashtag" rel="tag">#hashtagタグ' end end end describe '#format_spoiler' do subject { Formatter.instance.format_spoiler(status) } context 'given a post containing plain text' do let(:status) { Fabricate(:status, text: 'text', spoiler_text: 'Secret!', uri: nil) } it 'Returns the spoiler text' do is_expected.to eq 'Secret!' end end context 'given a post with an emoji shortcode at the start' do let!(:emoji) { Fabricate(:custom_emoji) } let(:status) { Fabricate(:status, text: 'text', spoiler_text: ':coolcat: Secret!', uri: nil) } let(:text) { ':coolcat: Beep boop' } it 'converts the shortcode to an image tag' do is_expected.to match(/:coolcat:@alice Hello world' end end context 'given a post containing plain text' do let(:status) { Fabricate(:status, text: 'text', uri: nil) } it 'paragraphizes the text' do is_expected.to eq '

text

' end end context 'given a post containing line feeds' do let(:status) { Fabricate(:status, text: "line\nfeed", uri: nil) } it 'removes line feeds' do is_expected.not_to include "\n" end end context 'given a post containing linkable mentions' do let(:status) { Fabricate(:status, mentions: [ Fabricate(:mention, account: local_account) ], text: '@alice') } it 'creates a mention link' do is_expected.to include '@alice' end end context 'given a post containing unlinkable mentions' do let(:status) { Fabricate(:status, text: '@alice', uri: nil) } it 'does not create a mention link' do is_expected.to include '@alice' end end context do subject do status = Fabricate(:status, text: text, uri: nil) Formatter.instance.format(status) end include_examples 'encode and link URLs' end context 'given a post with custom_emojify option' do let!(:emoji) { Fabricate(:custom_emoji) } let(:status) { Fabricate(:status, account: local_account, text: text) } subject { Formatter.instance.format(status, custom_emojify: true) } context 'given a post with an emoji shortcode at the start' do let(:text) { ':coolcat: Beep boop' } it 'converts the shortcode to an image tag' do is_expected.to match(/

:coolcat::coolcat: Beep boop
' } it 'converts the shortcode to an image tag' do is_expected.to match(/

:coolcat:Beep :coolcat: boop

' } it 'converts the shortcode to an image tag' do is_expected.to match(/Beep :coolcat::coolcat::coolcat:

' } it 'does not touch the shortcodes' do is_expected.to match(/

:coolcat::coolcat:<\/p>/) end end context 'given a post with an emoji shortcode at the end' do let(:text) { '

Beep boop
:coolcat:

' } it 'converts the shortcode to an image tag' do is_expected.to match(/
:coolcat:alert("Hello")' } it 'strips the scripts' do is_expected.to_not include '' end end context 'given a post containing malicious classes' do let(:text) { 'Show more' } it 'strips the malicious classes' do is_expected.to_not include 'status__content__spoiler-link' end end end describe '#plaintext' do subject { Formatter.instance.plaintext(status) } context 'given a post with local status' do let(:status) { Fabricate(:status, text: '

a text by a nerd who uses an HTML tag in text

', uri: nil) } it 'returns the raw text' do is_expected.to eq '

a text by a nerd who uses an HTML tag in text

' end end context 'given a post with remote status' do let(:status) { Fabricate(:status, account: remote_account, text: '') } it 'returns tag-stripped text' do is_expected.to eq '' end end end describe '#simplified_format' do subject { Formatter.instance.simplified_format(account) } context 'given a post with local status' do let(:account) { Fabricate(:account, domain: nil, note: text) } context 'given a post containing linkable mentions for local accounts' do let(:text) { '@alice' } before { local_account } it 'creates a mention link' do is_expected.to eq '

@alice

' end end context 'given a post containing linkable mentions for remote accounts' do let(:text) { '@bob@remote.test' } before { remote_account } it 'creates a mention link' do is_expected.to eq '

@bob

' end end context 'given a post containing unlinkable mentions' do let(:text) { '@alice' } it 'does not create a mention link' do is_expected.to eq '

@alice

' end end context 'given a post with custom_emojify option' do let!(:emoji) { Fabricate(:custom_emoji) } before { account.note = text } subject { Formatter.instance.simplified_format(account, custom_emojify: true) } context 'given a post with an emoji shortcode at the start' do let(:text) { ':coolcat: Beep boop' } it 'converts the shortcode to an image tag' do is_expected.to match(/

:coolcat:alert("Hello")' } let(:account) { Fabricate(:account, domain: 'remote', note: text) } it 'reformats' do is_expected.to_not include '' end context 'with custom_emojify option' do let!(:emoji) { Fabricate(:custom_emoji, domain: remote_account.domain) } before { remote_account.note = text } subject { Formatter.instance.simplified_format(remote_account, custom_emojify: true) } context 'given a post with an emoji shortcode at the start' do let(:text) { '

:coolcat: Beep boop
' } it 'converts shortcode to image tag' do is_expected.to match(/

:coolcat:Beep :coolcat: boop

' } it 'converts shortcode to image tag' do is_expected.to match(/Beep :coolcat::coolcat::coolcat:

' } it 'does not touch the shortcodes' do is_expected.to match(/

:coolcat::coolcat:<\/p>/) end end context 'given a post with an emoji shortcode at the end' do let(:text) { '

Beep boop
:coolcat:

' } it 'converts shortcode to image tag' do is_expected.to match(/
:coolcat:alert("Hello")' } subject { Formatter.instance.sanitize(html, Sanitize::Config::GABSOCIAL_STRICT) } it 'sanitizes' do is_expected.to eq '' end end end