-
Notifications
You must be signed in to change notification settings - Fork 0
/
link_test.exs
149 lines (112 loc) · 5.13 KB
/
link_test.exs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
defmodule Phoenix.WebComponent.LinkTest do
use ExUnit.Case, async: true
import Phoenix.HTML
import Phoenix.WebComponent.Link
test "link with post" do
csrf_token = Plug.CSRFProtection.get_csrf_token()
assert safe_to_string(wc_link("hello", to: "/world", method: :post)) ==
~s[<a data-csrf="#{csrf_token}" data-method="post" data-to="/world" href="/world" rel="nofollow">hello</a>]
end
test "link with %URI{}" do
url = "https://elixir-lang.org/"
assert safe_to_string(wc_link("elixir", to: url)) ==
safe_to_string(wc_link("elixir", to: URI.parse(url)))
path = "/elixir"
assert safe_to_string(wc_link("elixir", to: path)) ==
safe_to_string(wc_link("elixir", to: URI.parse(path)))
end
test "link with put/delete" do
csrf_token = Plug.CSRFProtection.get_csrf_token()
assert safe_to_string(wc_link("hello", to: "/world", method: :put)) ==
~s[<a data-csrf="#{csrf_token}" data-method="put" data-to="/world" href="/world" rel="nofollow">hello</a>]
end
test "link with put/delete without csrf_token" do
assert safe_to_string(wc_link("hello", to: "/world", method: :put, csrf_token: false)) ==
~s[<a data-method="put" data-to="/world" href="/world" rel="nofollow">hello</a>]
end
test "link with :do contents" do
assert ~s[<a href="/hello"><p>world</p></a>] ==
safe_to_string(
wc_link to: "/hello" do
Phoenix.WebComponent.Tag.content_tag(:p, "world")
end
)
assert safe_to_string(
wc_link(to: "/hello") do
"world"
end
) == ~s[<a href="/hello">world</a>]
end
test "link with scheme" do
assert safe_to_string(wc_link("foo", to: "/javascript:alert(<1>)")) ==
~s[<a href="/javascript:alert(<1>)">foo</a>]
assert safe_to_string(wc_link("foo", to: {:safe, "/javascript:alert(<1>)"})) ==
~s[<a href="/javascript:alert(<1>)">foo</a>]
assert safe_to_string(wc_link("foo", to: {:javascript, "alert(<1>)"})) ==
~s[<a href="javascript:alert(<1>)">foo</a>]
assert safe_to_string(wc_link("foo", to: {:javascript, 'alert(<1>)'})) ==
~s[<a href="javascript:alert(<1>)">foo</a>]
assert safe_to_string(wc_link("foo", to: {:javascript, {:safe, "alert(<1>)"}})) ==
~s[<a href="javascript:alert(<1>)">foo</a>]
assert safe_to_string(wc_link("foo", to: {:javascript, {:safe, 'alert(<1>)'}})) ==
~s[<a href="javascript:alert(<1>)">foo</a>]
end
test "link with invalid args" do
msg = "expected non-nil value for :to in wc_link/2"
assert_raise ArgumentError, msg, fn ->
wc_link("foo", bar: "baz")
end
msg = "link/2 requires a keyword list as second argument"
assert_raise ArgumentError, msg, fn ->
wc_link("foo", "/login")
end
assert_raise ArgumentError, ~r"unsupported scheme given as link", fn ->
wc_link("foo", to: "javascript:alert(1)")
end
assert_raise ArgumentError, ~r"unsupported scheme given as link", fn ->
wc_link("foo", to: {:safe, "javascript:alert(1)"})
end
assert_raise ArgumentError, ~r"unsupported scheme given as link", fn ->
wc_link("foo", to: {:safe, 'javascript:alert(1)'})
end
end
test "wc_button with post (default)" do
csrf_token = Plug.CSRFProtection.get_csrf_token()
assert safe_to_string(wc_button("hello", to: "/world")) ==
~s[<mwc-button data-csrf="#{csrf_token}" data-method="post" data-to="/world">hello</mwc-button>]
end
test "wc_button with %URI{}" do
url = "https://elixir-lang.org/"
assert safe_to_string(wc_button("elixir", to: url, csrf_token: false)) ==
safe_to_string(wc_button("elixir", to: URI.parse(url), csrf_token: false))
end
test "wc_button with post without csrf_token" do
assert safe_to_string(wc_button("hello", to: "/world", csrf_token: false)) ==
~s[<mwc-button data-method="post" data-to="/world">hello</mwc-button>]
end
test "wc_button with get does not generate CSRF" do
assert safe_to_string(wc_button("hello", to: "/world", method: :get)) ==
~s[<mwc-button data-method="get" data-to="/world">hello</mwc-button>]
end
test "wc_button with do" do
csrf_token = Plug.CSRFProtection.get_csrf_token()
output =
safe_to_string(
wc_button to: "/world", class: "small" do
raw("<span>Hi</span>")
end
)
assert output ==
~s[<mwc-button class="small" data-csrf="#{csrf_token}" data-method="post" data-to="/world"><span>Hi</span></mwc-button>]
end
test "wc_button with class overrides default" do
csrf_token = Plug.CSRFProtection.get_csrf_token()
assert safe_to_string(wc_button("hello", to: "/world", class: "btn rounded", id: "btn")) ==
~s[<mwc-button class="btn rounded" data-csrf="#{csrf_token}" data-method="post" data-to="/world" id="btn">hello</mwc-button>]
end
test "wc_button with invalid args" do
assert_raise ArgumentError, ~r/unsupported scheme given as link/, fn ->
wc_button("foo", to: "javascript:alert(1)", method: :get)
end
end
end