editor.js/test/cypress/tests/sanitisation.cy.ts

import type EditorJS from '../../../types/index';
import { OutputData } from '../../../types/index';


/* eslint-disable @typescript-eslint/no-explicit-any */
describe('Sanitizing', () => {
  context('Output should save inline formatting', () => {
    it('should save initial formatting for paragraph', () => {
      cy.createEditor({
        data: {
          blocks: [ {
            type: 'paragraph',
            data: { text: '<b>Bold text</b>' },
          } ],
        },
      })
        .then(async editor => {
          cy.wrap<OutputData>(await editor.save())
            .then((output) => {
              const boldText = output.blocks[0].data.text;

              expect(boldText).to.eq('<b>Bold text</b>');
            });
        });
    });

    it('should save formatting for paragraph', () => {
      cy.createEditor({})
        .as('editorInstance');

      cy.get('[data-cy=editorjs]')
        .get('div.ce-block')
        .click()
        .type('This text should be bold.{selectall}');

      cy.get('[data-cy=editorjs]')
        .get('button.ce-inline-tool--bold')
        .click();

      cy.get('[data-cy=editorjs]')
        .get('div.ce-block')
        .click();

      cy.get<EditorJS>('@editorInstance')
        .then(async editorInstance => {
          cy.wrap(await editorInstance.save())
            .then((output) => {
              const text = output.blocks[0].data.text;

              expect(text).to.match(/<b>This text should be bold\.(<br>)?<\/b>/);
            });
        });
    });

    it('should save formatting for paragraph on paste', () => {
      cy.createEditor({})
        .as('editorInstance');

      cy.get('[data-cy=editorjs]')
        .get('div.ce-block')
        .paste({
          // eslint-disable-next-line @typescript-eslint/naming-convention
          'text/html': '<p>Text</p><p><b>Bold text</b></p>',
        });

      cy.get<EditorJS>('@editorInstance')
        .then(async editorInstance => {
          cy.wrap<OutputData>(await editorInstance.save())
            .then((output) => {
              const boldText = output.blocks[1].data.text;

              expect(boldText).to.eq('<b>Bold text</b>');
            });
        });
    });
  });

  it('should sanitize unwanted html on blocks merging', function () {
    cy.createEditor({
      data: {
        blocks: [
          {
            id: 'block1',
            type: 'paragraph',
            data: {
              text: 'First block',
            },
          },
          {
            id: 'paragraph',
            type: 'paragraph',
            data: {
              /**
               * Tool does not support spans in its sanitization config
               */
              text: 'Second <span id="taint-html">XSS<span> block',
            },
          },
        ],
      },
    }).as('editorInstance');

    cy.get('[data-cy=editorjs]')
      .find('.ce-paragraph')
      .last()
      .click()
      .type('{home}')
      .type('{backspace}');

    cy.get<EditorJS>('@editorInstance')
      .then(async (editor) => {
        const { blocks } = await editor.save();

        expect(blocks[0].data.text).to.eq('First blockSecond XSS block'); // text has been merged, span has been removed
      });
  });
});
chore(perf): initialisation and rendering performance optimisations (#2430) * renderer batching * initialization and rendering performance optimized * insertMany api method added * Update index.html * rm old method * upd changelog * upd paragraph * paste tests fixed * api blocks tests fixed * backspace event tests fixed * async issues in tests fixed * eslint * stub block added, tests added * eslint * eslint * add test for insertMany() * Update package.json 2023-08-08 21:17:09 +02:00			`import type EditorJS from '../../../types/index';`
			`import { OutputData } from '../../../types/index';`
chore(linting): eslint updated, code linted (#2174) * update eslint + autofix * a bunch of eslint fixes * some spelling & eslint fixes * fix some eslint errors and spells * Update __module.ts * a bunch of eslint fixes in tests * Update cypress.yml * Update cypress.yml * fix cypress docker image name * fixes for tests * more tests fixed * rm rule ignore * rm another ignored rule * Update .eslintrc 2022-11-25 18:56:50 +01:00
refactoring(modules): sanitizer module is util now (#1574) * refactoring(modules): sanitizer module is util now * Remove Sanitizer from Editor modules signature * Bind context to config composition method * Make sanitizer singletone * Make sanitizer a module instead of class * Fix * Add test cases for default values * Fix inline tools default value * Move inline tools and block tunes to BlockTool instance * Fixes after review & some test cases for sanitisation * Upgrade test case Co-authored-by: Peter Savchenko <specc.dev@gmail.com> 2021-04-08 20:17:23 +02:00
chore(perf): initialisation and rendering performance optimisations (#2430) * renderer batching * initialization and rendering performance optimized * insertMany api method added * Update index.html * rm old method * upd changelog * upd paragraph * paste tests fixed * api blocks tests fixed * backspace event tests fixed * async issues in tests fixed * eslint * stub block added, tests added * eslint * eslint * add test for insertMany() * Update package.json 2023-08-08 21:17:09 +02:00			`/* eslint-disable @typescript-eslint/no-explicit-any */`
feat(merge): blocks of different types can be merged (#2671) * feature: possibilities to merge blocks of different types * fix: remove scope change * feat: use convert config instead of defined property * chore:: use built-in function for type check * fix: remove console.log * chore: remove styling added by mistakes * test: add testing for different blocks types merging * fix: remove unused import * fix: remove type argument * fix: use existing functions for data export * chore: update changelog * fix: re put await * fix: remove unnecessary check * fix: typo in test name * fix: re-add condition for merge * test: add caret position test * fix caret issues, add sanitize * make if-else statement more clear * upgrade cypress * Update cypress.yml * upd cypress to 13 * make sanitize test simpler * patch rc version --------- Co-authored-by: GuillaumeOnepilot <guillaume@onepilot.co> Co-authored-by: Guillaume Leon <97881811+GuillaumeOnepilot@users.noreply.github.com> 2024-04-01 11:29:47 +02:00			`describe('Sanitizing', () => {`
refactoring(modules): sanitizer module is util now (#1574) * refactoring(modules): sanitizer module is util now * Remove Sanitizer from Editor modules signature * Bind context to config composition method * Make sanitizer singletone * Make sanitizer a module instead of class * Fix * Add test cases for default values * Fix inline tools default value * Move inline tools and block tunes to BlockTool instance * Fixes after review & some test cases for sanitisation * Upgrade test case Co-authored-by: Peter Savchenko <specc.dev@gmail.com> 2021-04-08 20:17:23 +02:00			`context('Output should save inline formatting', () => {`
			`it('should save initial formatting for paragraph', () => {`
			`cy.createEditor({`
			`data: {`
			`blocks: [ {`
			`type: 'paragraph',`
			`data: { text: '<b>Bold text</b>' },`
			`} ],`
			`},`
chore(perf): initialisation and rendering performance optimisations (#2430) * renderer batching * initialization and rendering performance optimized * insertMany api method added * Update index.html * rm old method * upd changelog * upd paragraph * paste tests fixed * api blocks tests fixed * backspace event tests fixed * async issues in tests fixed * eslint * stub block added, tests added * eslint * eslint * add test for insertMany() * Update package.json 2023-08-08 21:17:09 +02:00			`})`
			`.then(async editor => {`
			`cy.wrap<OutputData>(await editor.save())`
			`.then((output) => {`
			`const boldText = output.blocks[0].data.text;`
refactoring(modules): sanitizer module is util now (#1574) * refactoring(modules): sanitizer module is util now * Remove Sanitizer from Editor modules signature * Bind context to config composition method * Make sanitizer singletone * Make sanitizer a module instead of class * Fix * Add test cases for default values * Fix inline tools default value * Move inline tools and block tunes to BlockTool instance * Fixes after review & some test cases for sanitisation * Upgrade test case Co-authored-by: Peter Savchenko <specc.dev@gmail.com> 2021-04-08 20:17:23 +02:00
chore(perf): initialisation and rendering performance optimisations (#2430) * renderer batching * initialization and rendering performance optimized * insertMany api method added * Update index.html * rm old method * upd changelog * upd paragraph * paste tests fixed * api blocks tests fixed * backspace event tests fixed * async issues in tests fixed * eslint * stub block added, tests added * eslint * eslint * add test for insertMany() * Update package.json 2023-08-08 21:17:09 +02:00			`expect(boldText).to.eq('<b>Bold text</b>');`
			`});`
			`});`
refactoring(modules): sanitizer module is util now (#1574) * refactoring(modules): sanitizer module is util now * Remove Sanitizer from Editor modules signature * Bind context to config composition method * Make sanitizer singletone * Make sanitizer a module instead of class * Fix * Add test cases for default values * Fix inline tools default value * Move inline tools and block tunes to BlockTool instance * Fixes after review & some test cases for sanitisation * Upgrade test case Co-authored-by: Peter Savchenko <specc.dev@gmail.com> 2021-04-08 20:17:23 +02:00			`});`

			`it('should save formatting for paragraph', () => {`
chore(perf): initialisation and rendering performance optimisations (#2430) * renderer batching * initialization and rendering performance optimized * insertMany api method added * Update index.html * rm old method * upd changelog * upd paragraph * paste tests fixed * api blocks tests fixed * backspace event tests fixed * async issues in tests fixed * eslint * stub block added, tests added * eslint * eslint * add test for insertMany() * Update package.json 2023-08-08 21:17:09 +02:00			`cy.createEditor({})`
			`.as('editorInstance');`

refactoring(modules): sanitizer module is util now (#1574) * refactoring(modules): sanitizer module is util now * Remove Sanitizer from Editor modules signature * Bind context to config composition method * Make sanitizer singletone * Make sanitizer a module instead of class * Fix * Add test cases for default values * Fix inline tools default value * Move inline tools and block tunes to BlockTool instance * Fixes after review & some test cases for sanitisation * Upgrade test case Co-authored-by: Peter Savchenko <specc.dev@gmail.com> 2021-04-08 20:17:23 +02:00			`cy.get('[data-cy=editorjs]')`
			`.get('div.ce-block')`
			`.click()`
			`.type('This text should be bold.{selectall}');`

			`cy.get('[data-cy=editorjs]')`
			`.get('button.ce-inline-tool--bold')`
			`.click();`

			`cy.get('[data-cy=editorjs]')`
			`.get('div.ce-block')`
			`.click();`

chore(perf): initialisation and rendering performance optimisations (#2430) * renderer batching * initialization and rendering performance optimized * insertMany api method added * Update index.html * rm old method * upd changelog * upd paragraph * paste tests fixed * api blocks tests fixed * backspace event tests fixed * async issues in tests fixed * eslint * stub block added, tests added * eslint * eslint * add test for insertMany() * Update package.json 2023-08-08 21:17:09 +02:00			`cy.get<EditorJS>('@editorInstance')`
			`.then(async editorInstance => {`
			`cy.wrap(await editorInstance.save())`
			`.then((output) => {`
			`const text = output.blocks[0].data.text;`
refactoring(modules): sanitizer module is util now (#1574) * refactoring(modules): sanitizer module is util now * Remove Sanitizer from Editor modules signature * Bind context to config composition method * Make sanitizer singletone * Make sanitizer a module instead of class * Fix * Add test cases for default values * Fix inline tools default value * Move inline tools and block tunes to BlockTool instance * Fixes after review & some test cases for sanitisation * Upgrade test case Co-authored-by: Peter Savchenko <specc.dev@gmail.com> 2021-04-08 20:17:23 +02:00
chore(perf): initialisation and rendering performance optimisations (#2430) * renderer batching * initialization and rendering performance optimized * insertMany api method added * Update index.html * rm old method * upd changelog * upd paragraph * paste tests fixed * api blocks tests fixed * backspace event tests fixed * async issues in tests fixed * eslint * stub block added, tests added * eslint * eslint * add test for insertMany() * Update package.json 2023-08-08 21:17:09 +02:00			`expect(text).to.match(/<b>This text should be bold\.(<br>)?<\/b>/);`
			`});`
			`});`
refactoring(modules): sanitizer module is util now (#1574) * refactoring(modules): sanitizer module is util now * Remove Sanitizer from Editor modules signature * Bind context to config composition method * Make sanitizer singletone * Make sanitizer a module instead of class * Fix * Add test cases for default values * Fix inline tools default value * Move inline tools and block tunes to BlockTool instance * Fixes after review & some test cases for sanitisation * Upgrade test case Co-authored-by: Peter Savchenko <specc.dev@gmail.com> 2021-04-08 20:17:23 +02:00			`});`

			`it('should save formatting for paragraph on paste', () => {`
chore(perf): initialisation and rendering performance optimisations (#2430) * renderer batching * initialization and rendering performance optimized * insertMany api method added * Update index.html * rm old method * upd changelog * upd paragraph * paste tests fixed * api blocks tests fixed * backspace event tests fixed * async issues in tests fixed * eslint * stub block added, tests added * eslint * eslint * add test for insertMany() * Update package.json 2023-08-08 21:17:09 +02:00			`cy.createEditor({})`
			`.as('editorInstance');`

refactoring(modules): sanitizer module is util now (#1574) * refactoring(modules): sanitizer module is util now * Remove Sanitizer from Editor modules signature * Bind context to config composition method * Make sanitizer singletone * Make sanitizer a module instead of class * Fix * Add test cases for default values * Fix inline tools default value * Move inline tools and block tunes to BlockTool instance * Fixes after review & some test cases for sanitisation * Upgrade test case Co-authored-by: Peter Savchenko <specc.dev@gmail.com> 2021-04-08 20:17:23 +02:00			`cy.get('[data-cy=editorjs]')`
			`.get('div.ce-block')`
chore(linting): eslint updated, code linted (#2174) * update eslint + autofix * a bunch of eslint fixes * some spelling & eslint fixes * fix some eslint errors and spells * Update __module.ts * a bunch of eslint fixes in tests * Update cypress.yml * Update cypress.yml * fix cypress docker image name * fixes for tests * more tests fixed * rm rule ignore * rm another ignored rule * Update .eslintrc 2022-11-25 18:56:50 +01:00			`.paste({`
			`// eslint-disable-next-line @typescript-eslint/naming-convention`
			`'text/html': '<p>Text</p><p><b>Bold text</b></p>',`
			`});`
refactoring(modules): sanitizer module is util now (#1574) * refactoring(modules): sanitizer module is util now * Remove Sanitizer from Editor modules signature * Bind context to config composition method * Make sanitizer singletone * Make sanitizer a module instead of class * Fix * Add test cases for default values * Fix inline tools default value * Move inline tools and block tunes to BlockTool instance * Fixes after review & some test cases for sanitisation * Upgrade test case Co-authored-by: Peter Savchenko <specc.dev@gmail.com> 2021-04-08 20:17:23 +02:00
chore(perf): initialisation and rendering performance optimisations (#2430) * renderer batching * initialization and rendering performance optimized * insertMany api method added * Update index.html * rm old method * upd changelog * upd paragraph * paste tests fixed * api blocks tests fixed * backspace event tests fixed * async issues in tests fixed * eslint * stub block added, tests added * eslint * eslint * add test for insertMany() * Update package.json 2023-08-08 21:17:09 +02:00			`cy.get<EditorJS>('@editorInstance')`
			`.then(async editorInstance => {`
			`cy.wrap<OutputData>(await editorInstance.save())`
			`.then((output) => {`
			`const boldText = output.blocks[1].data.text;`
refactoring(modules): sanitizer module is util now (#1574) * refactoring(modules): sanitizer module is util now * Remove Sanitizer from Editor modules signature * Bind context to config composition method * Make sanitizer singletone * Make sanitizer a module instead of class * Fix * Add test cases for default values * Fix inline tools default value * Move inline tools and block tunes to BlockTool instance * Fixes after review & some test cases for sanitisation * Upgrade test case Co-authored-by: Peter Savchenko <specc.dev@gmail.com> 2021-04-08 20:17:23 +02:00
chore(perf): initialisation and rendering performance optimisations (#2430) * renderer batching * initialization and rendering performance optimized * insertMany api method added * Update index.html * rm old method * upd changelog * upd paragraph * paste tests fixed * api blocks tests fixed * backspace event tests fixed * async issues in tests fixed * eslint * stub block added, tests added * eslint * eslint * add test for insertMany() * Update package.json 2023-08-08 21:17:09 +02:00			`expect(boldText).to.eq('<b>Bold text</b>');`
			`});`
			`});`
refactoring(modules): sanitizer module is util now (#1574) * refactoring(modules): sanitizer module is util now * Remove Sanitizer from Editor modules signature * Bind context to config composition method * Make sanitizer singletone * Make sanitizer a module instead of class * Fix * Add test cases for default values * Fix inline tools default value * Move inline tools and block tunes to BlockTool instance * Fixes after review & some test cases for sanitisation * Upgrade test case Co-authored-by: Peter Savchenko <specc.dev@gmail.com> 2021-04-08 20:17:23 +02:00			`});`
			`});`
feat(merge): blocks of different types can be merged (#2671) * feature: possibilities to merge blocks of different types * fix: remove scope change * feat: use convert config instead of defined property * chore:: use built-in function for type check * fix: remove console.log * chore: remove styling added by mistakes * test: add testing for different blocks types merging * fix: remove unused import * fix: remove type argument * fix: use existing functions for data export * chore: update changelog * fix: re put await * fix: remove unnecessary check * fix: typo in test name * fix: re-add condition for merge * test: add caret position test * fix caret issues, add sanitize * make if-else statement more clear * upgrade cypress * Update cypress.yml * upd cypress to 13 * make sanitize test simpler * patch rc version --------- Co-authored-by: GuillaumeOnepilot <guillaume@onepilot.co> Co-authored-by: Guillaume Leon <97881811+GuillaumeOnepilot@users.noreply.github.com> 2024-04-01 11:29:47 +02:00
			`it('should sanitize unwanted html on blocks merging', function () {`
			`cy.createEditor({`
			`data: {`
			`blocks: [`
			`{`
			`id: 'block1',`
			`type: 'paragraph',`
			`data: {`
			`text: 'First block',`
			`},`
			`},`
			`{`
			`id: 'paragraph',`
			`type: 'paragraph',`
			`data: {`
			`/**`
			`* Tool does not support spans in its sanitization config`
			`*/`
			`text: 'Second <span id="taint-html">XSS<span> block',`
			`},`
			`},`
			`],`
			`},`
			`}).as('editorInstance');`

			`cy.get('[data-cy=editorjs]')`
			`.find('.ce-paragraph')`
			`.last()`
			`.click()`
			`.type('{home}')`
			`.type('{backspace}');`

			`cy.get<EditorJS>('@editorInstance')`
			`.then(async (editor) => {`
			`const { blocks } = await editor.save();`

			`expect(blocks[0].data.text).to.eq('First blockSecond XSS block'); // text has been merged, span has been removed`
			`});`
			`});`
refactoring(modules): sanitizer module is util now (#1574) * refactoring(modules): sanitizer module is util now * Remove Sanitizer from Editor modules signature * Bind context to config composition method * Make sanitizer singletone * Make sanitizer a module instead of class * Fix * Add test cases for default values * Fix inline tools default value * Move inline tools and block tunes to BlockTool instance * Fixes after review & some test cases for sanitisation * Upgrade test case Co-authored-by: Peter Savchenko <specc.dev@gmail.com> 2021-04-08 20:17:23 +02:00			`});`
feat(merge): blocks of different types can be merged (#2671) * feature: possibilities to merge blocks of different types * fix: remove scope change * feat: use convert config instead of defined property * chore:: use built-in function for type check * fix: remove console.log * chore: remove styling added by mistakes * test: add testing for different blocks types merging * fix: remove unused import * fix: remove type argument * fix: use existing functions for data export * chore: update changelog * fix: re put await * fix: remove unnecessary check * fix: typo in test name * fix: re-add condition for merge * test: add caret position test * fix caret issues, add sanitize * make if-else statement more clear * upgrade cypress * Update cypress.yml * upd cypress to 13 * make sanitize test simpler * patch rc version --------- Co-authored-by: GuillaumeOnepilot <guillaume@onepilot.co> Co-authored-by: Guillaume Leon <97881811+GuillaumeOnepilot@users.noreply.github.com> 2024-04-01 11:29:47 +02:00