hedgedoc/frontend/cypress/e2e/linkSchemes.spec.ts

/*
 * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
 *
 * SPDX-License-Identifier: AGPL-3.0-only
 */

describe('markdown formatted links to', () => {
  beforeEach(() => {
    cy.visitTestNote()
  })

  it('external domains render as external link', () => {
    cy.setCodemirrorContent('[external](https://hedgedoc.org/)')
    cy.getMarkdownBody()
      .find('a')
      .should('have.attr', 'href', 'https://hedgedoc.org/')
      .should('have.attr', 'rel', 'noreferer noopener')
      .should('have.attr', 'target', '_blank')
  })

  it('note anchor references render as anchor link', () => {
    cy.setCodemirrorContent('[anchor](#anchor)')
    cy.getMarkdownBody().find('a').should('have.attr', 'href', 'http://127.0.0.1:3001/n/test#anchor')
  })

  it('internal pages render as internal link', () => {
    cy.setCodemirrorContent('[internal](other-note)')
    cy.getMarkdownBody().find('a').should('have.attr', 'href', 'http://127.0.0.1:3001/n/other-note')
  })

  it('data URIs do not render', () => {
    cy.setCodemirrorContent('[data](data:text/plain,evil)')
    cy.getMarkdownBody().find('a').should('not.exist')
  })

  it('javascript URIs do not render', () => {
    cy.setCodemirrorContent('[js](javascript:alert("evil"))')
    cy.getMarkdownBody().find('a').should('not.exist')
  })
})

describe('HTML anchor element links to', () => {
  beforeEach(() => {
    cy.visitTestNote()
  })

  it('external domains render as external link', () => {
    cy.setCodemirrorContent('<a href="https://hedgedoc.org/">external</a>')
    cy.getMarkdownBody()
      .find('a')
      .should('have.attr', 'href', 'https://hedgedoc.org/')
      .should('have.attr', 'rel', 'noreferer noopener')
      .should('have.attr', 'target', '_blank')
  })

  it('note anchor references render as anchor link', () => {
    cy.setCodemirrorContent('<a href="#anchor">anchor</a>')
    cy.getMarkdownBody().find('a').should('have.attr', 'href', 'http://127.0.0.1:3001/n/test#anchor')
  })

  it('internal pages render as internal link', () => {
    cy.setCodemirrorContent('<a href="other-note">internal</a>')
    cy.getMarkdownBody().find('a').should('have.attr', 'href', 'http://127.0.0.1:3001/n/other-note')
  })

  it('data URIs do not render', () => {
    cy.setCodemirrorContent('<a href="data:text/plain,evil">data</a>')
    cy.getMarkdownBody().find('a').should('not.have.attr', 'href')
  })

  it('javascript URIs do not render', () => {
    cy.setCodemirrorContent('<a href="javascript:alert(\'evil\')">js</a>')
    cy.getMarkdownBody().find('a').should('not.have.attr', 'href')
  })
})
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`/*`
Update dependency cypress to v10 (#2095) * Update dependency cypress to v10 * Migrate cypress files Signed-off-by: Renovate Bot <bot@renovateapp.com> Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-06-08 07:19:51 -04:00			`* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`*`
			`* SPDX-License-Identifier: AGPL-3.0-only`
			`*/`

			`describe('markdown formatted links to', () => {`
			`beforeEach(() => {`
Add new visit functions in e2e tests Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-01-30 15:46:43 -05:00			`cy.visitTestNote()`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`})`

			`it('external domains render as external link', () => {`
Add slide mode with reveal.js Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-10-04 06:50:39 -04:00			`cy.setCodemirrorContent('[external](https://hedgedoc.org/)')`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`cy.getMarkdownBody()`
			`.find('a')`
			`.should('have.attr', 'href', 'https://hedgedoc.org/')`
			`.should('have.attr', 'rel', 'noreferer noopener')`
			`.should('have.attr', 'target', '_blank')`
			`})`

			`it('note anchor references render as anchor link', () => {`
Add slide mode with reveal.js Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-10-04 06:50:39 -04:00			`cy.setCodemirrorContent('[anchor](#anchor)')`
Add dom purify (#1609) Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-11-02 03:15:33 -04:00			`cy.getMarkdownBody().find('a').should('have.attr', 'href', 'http://127.0.0.1:3001/n/test#anchor')`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`})`

			`it('internal pages render as internal link', () => {`
Add slide mode with reveal.js Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-10-04 06:50:39 -04:00			`cy.setCodemirrorContent('[internal](other-note)')`
Add dom purify (#1609) Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-11-02 03:15:33 -04:00			`cy.getMarkdownBody().find('a').should('have.attr', 'href', 'http://127.0.0.1:3001/n/other-note')`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`})`

			`it('data URIs do not render', () => {`
Add slide mode with reveal.js Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-10-04 06:50:39 -04:00			`cy.setCodemirrorContent('[data](data:text/plain,evil)')`
Add dom purify (#1609) Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-11-02 03:15:33 -04:00			`cy.getMarkdownBody().find('a').should('not.exist')`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`})`

			`it('javascript URIs do not render', () => {`
Add slide mode with reveal.js Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-10-04 06:50:39 -04:00			`cy.setCodemirrorContent('[js](javascript:alert("evil"))')`
Add dom purify (#1609) Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-11-02 03:15:33 -04:00			`cy.getMarkdownBody().find('a').should('not.exist')`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`})`
			`})`

			`describe('HTML anchor element links to', () => {`
			`beforeEach(() => {`
Add new visit functions in e2e tests Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-01-30 15:46:43 -05:00			`cy.visitTestNote()`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`})`

			`it('external domains render as external link', () => {`
Add slide mode with reveal.js Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-10-04 06:50:39 -04:00			`cy.setCodemirrorContent('<a href="https://hedgedoc.org/">external</a>')`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`cy.getMarkdownBody()`
			`.find('a')`
			`.should('have.attr', 'href', 'https://hedgedoc.org/')`
			`.should('have.attr', 'rel', 'noreferer noopener')`
			`.should('have.attr', 'target', '_blank')`
			`})`

			`it('note anchor references render as anchor link', () => {`
Add slide mode with reveal.js Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-10-04 06:50:39 -04:00			`cy.setCodemirrorContent('<a href="#anchor">anchor</a>')`
Add dom purify (#1609) Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-11-02 03:15:33 -04:00			`cy.getMarkdownBody().find('a').should('have.attr', 'href', 'http://127.0.0.1:3001/n/test#anchor')`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`})`

			`it('internal pages render as internal link', () => {`
Add slide mode with reveal.js Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-10-04 06:50:39 -04:00			`cy.setCodemirrorContent('<a href="other-note">internal</a>')`
Add dom purify (#1609) Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-11-02 03:15:33 -04:00			`cy.getMarkdownBody().find('a').should('have.attr', 'href', 'http://127.0.0.1:3001/n/other-note')`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`})`

			`it('data URIs do not render', () => {`
Add slide mode with reveal.js Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-10-04 06:50:39 -04:00			`cy.setCodemirrorContent('<a href="data:text/plain,evil">data</a>')`
Add dom purify (#1609) Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-11-02 03:15:33 -04:00			`cy.getMarkdownBody().find('a').should('not.have.attr', 'href')`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`})`

			`it('javascript URIs do not render', () => {`
Add slide mode with reveal.js Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-10-04 06:50:39 -04:00			`cy.setCodemirrorContent('<a href="javascript:alert(\'evil\')">js</a>')`
Add dom purify (#1609) Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2021-11-02 03:15:33 -04:00			`cy.getMarkdownBody().find('a').should('not.have.attr', 'href')`
Disallow data and javascript URIs (#1186) * Disallow data and javascript URIs Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2021-04-11 16:48:31 -04:00			`})`
			`})`