Skip to content
Permalink
Browse files Browse the repository at this point in the history
XWIKI-20293: Improved IncludedDocuments panel escaping
  • Loading branch information
manuelleduc committed Oct 28, 2022
1 parent 64a8b7a commit 22f249a
Show file tree
Hide file tree
Showing 3 changed files with 146 additions and 38 deletions.
Expand Up @@ -148,6 +148,14 @@
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<!-- Provides the component list for RenderingScriptService. -->
<dependency>
<groupId>org.xwiki.platform</groupId>
<artifactId>xwiki-platform-rendering-xwiki</artifactId>
<version>${project.version}</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
Expand Down
Expand Up @@ -37,43 +37,6 @@
<syntaxId>xwiki/2.1</syntaxId>
<hidden>true</hidden>
<content/>
<object>
<name>Panels.IncludedPagesDocumentInformation</name>
<number>0</number>
<className>NumberedHeadings.Code.NumberedHeadingsClass</className>
<guid>1ca27444-5837-4d6b-8e07-2fff6a8b46ed</guid>
<class>
<name>NumberedHeadings.Code.NumberedHeadingsClass</name>
<customClass/>
<customMapping/>
<defaultViewSheet/>
<defaultEditSheet/>
<defaultWeb/>
<nameField/>
<validationScript/>
<status>
<cache>0</cache>
<disabled>0</disabled>
<displayType>select</displayType>
<freeText>forbidden</freeText>
<largeStorage>0</largeStorage>
<multiSelect>0</multiSelect>
<name>status</name>
<number>1</number>
<prettyName>Status</prettyName>
<relationalStorage>0</relationalStorage>
<separator> </separator>
<separators>|, </separators>
<size>1</size>
<unmodifiable>0</unmodifiable>
<values>|activated|deactivated</values>
<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
</status>
</class>
<property>
<status/>
</property>
</object>
<object>
<name>Panels.IncludedPagesDocumentInformation</name>
<number>0</number>
Expand Down Expand Up @@ -248,7 +211,10 @@
#if($pages.size() != 0)
{{html clean="false"}}&lt;dt&gt;{{/html}}$services.localization.render('panels.documentInformation.includesCount', [$pages.size()]){{html clean="false"}}&lt;/dt&gt;{{/html}}
#foreach ($page in $pages)
{{html clean="false"}}&lt;dd&gt;{{/html}}[[$page&gt;&gt;$page]] [[[[image:icon:page_white_edit||alt="$services.localization.render('panels.documentInformation.editIncluded', [$page])"]]&gt;&gt;path:$xwiki.getURL($page, 'edit')]]{{html clean="false"}}&lt;/dd&gt;{{/html}}
#set ($pageLink = $services.rendering.escape($page, 'xwiki/2.1'))
#set ($pageName = $services.rendering.escape($services.rendering.escape($page, 'xwiki/2.1'), 'xwiki/2.1'))
#set ($alt = $services.rendering.escape($services.localization.render('panels.documentInformation.editIncluded', [$page]), 'xwiki/2.1'))
{{html clean="false"}}&lt;dd&gt;{{/html}}[[$pageName&gt;&gt;$pageLink]] [[[[image:icon:page_white_edit||alt="$alt"]]&gt;&gt;path:$xwiki.getURL($page, 'edit')]]{{html clean="false"}}&lt;/dd&gt;{{/html}}
#end
#end
##--------------------------------------------------------------------------
Expand Down
@@ -0,0 +1,134 @@
/*
* See the NOTICE file distributed with this work for additional
* information regarding copyright ownership.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.xwiki.panels;

import org.jsoup.nodes.Document;
import org.jsoup.select.Elements;
import org.junit.jupiter.api.Test;
import org.xwiki.bridge.event.DocumentCreatedEvent;
import org.xwiki.component.manager.ComponentManager;
import org.xwiki.component.wiki.internal.DefaultWikiComponentManager;
import org.xwiki.component.wiki.internal.DefaultWikiComponentManagerContext;
import org.xwiki.component.wiki.internal.WikiComponentManagerEventListenerHelper;
import org.xwiki.component.wiki.internal.bridge.DefaultContentParser;
import org.xwiki.component.wiki.internal.bridge.DefaultWikiObjectComponentManagerEventListener;
import org.xwiki.component.wiki.internal.bridge.WikiObjectComponentManagerEventListenerProxy;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.observation.EventListener;
import org.xwiki.rendering.RenderingScriptServiceComponentList;
import org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRenderer;
import org.xwiki.rendering.internal.configuration.DefaultExtendedRenderingConfiguration;
import org.xwiki.rendering.internal.configuration.RenderingConfigClassDocumentConfigurationSource;
import org.xwiki.rendering.syntax.Syntax;
import org.xwiki.security.authorization.AuthorizationManager;
import org.xwiki.test.annotation.ComponentList;
import org.xwiki.test.page.HTML50ComponentList;
import org.xwiki.test.page.PageTest;
import org.xwiki.test.page.TestNoScriptMacro;
import org.xwiki.test.page.XWikiSyntax21ComponentList;
import org.xwiki.uiextension.internal.DefaultUIExtensionManager;
import org.xwiki.uiextension.internal.WikiUIExtensionComponentBuilder;
import org.xwiki.uiextension.script.UIExtensionScriptService;

import com.xpn.xwiki.doc.XWikiDocument;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.when;
import static org.xwiki.component.wiki.internal.bridge.DefaultWikiObjectComponentManagerEventListener.EVENT_LISTENER_NAME;

/**
* Test of {@code Panels.IncludedPagesDocumentInformation}.
*
* @version $Id$
* @since 14.10RC1
* @since 14.4.7
*/
@XWikiSyntax21ComponentList
@HTML50ComponentList
@RenderingScriptServiceComponentList
@ComponentList({
UIExtensionScriptService.class,
DefaultUIExtensionManager.class,
DefaultWikiObjectComponentManagerEventListener.class,
WikiObjectComponentManagerEventListenerProxy.class,
WikiComponentManagerEventListenerHelper.class,
DefaultWikiComponentManager.class,
DefaultWikiComponentManagerContext.class,
WikiUIExtensionComponentBuilder.class,
DefaultContentParser.class,
// Start - Required in addition of RenderingScriptServiceComponentList
DefaultExtendedRenderingConfiguration.class,
RenderingConfigClassDocumentConfigurationSource.class,
// End - Required in additional of RenderingScriptServiceComponentList
DefaultBlockAsyncRenderer.class,
TestNoScriptMacro.class
})
class IncludedPagesDocumentInformationPageTest extends PageTest
{
@Test
void render() throws Exception
{
// Load the UIX.
XWikiDocument includedPagesDoc =
loadPage(new DocumentReference("xwiki", "Panels", "IncludedPagesDocumentInformation"));
this.componentManager.registerComponent(ComponentManager.class, "wiki", this.componentManager);
AuthorizationManager authorizationManager =
this.componentManager.registerMockComponent(AuthorizationManager.class);
when(authorizationManager.hasAccess(any(), any(), any())).thenReturn(true);
// The listeners are not registered by default. We trigger it manually so that the UIX is registered and can be
// found and rendered.
this.componentManager.<EventListener>getInstance(EventListener.class, EVENT_LISTENER_NAME)
.onEvent(new DocumentCreatedEvent(), includedPagesDoc, null);

// We initialize a document with an include macro, so that the UIX has something to render.
this.context.setDoc(initDocWithInclude());
// Create the UIXP so that the UIX can be rendered.
Document document = renderHTMLPage(initUIXPDoc());
Elements as = document.select("a");
assertEquals("XWiki.{{noscript}}\">]]<strong>bold</strong>\"", as.get(0).attr("href"));
assertEquals("path:/xwiki/bin/edit/XWiki/%7B%7Bnoscript%7D%7D%22%3E%5D%5D%3Cstrong%3Ebold%3C%2Fstrong%3E%22",
as.get(1).attr("href"));
assertEquals("panels.documentInformation.editIncluded [XWiki.{{noscript}}\">]]<strong>bold</strong>\"]",
as.get(1).selectFirst("img").attr("alt"));
}

private XWikiDocument initDocWithInclude()
{
XWikiDocument document = new XWikiDocument(new DocumentReference("xwiki", "XWiki", "PageWithReference"));
document.setSyntax(Syntax.XWIKI_2_0);
document.setContent("{{display reference=\"{{noscript~}~}~\">]]<strong>bold</strong>~\"\"/}}");
return document;
}

private static XWikiDocument initUIXPDoc()
{
XWikiDocument document = new XWikiDocument(new DocumentReference("xwiki", "XWiki", "Test"));
document.setSyntax(Syntax.XWIKI_2_0);
document.setContent("{{velocity}}\n"
+ "{{html}}\n"
+ "#foreach ($extension in $services.uix.getExtensions('org.xwiki.platform.panels.documentInformation'))\n"
+ " $services.rendering.render($extension.execute(), 'html/5.0')\n"
+ "#end\n"
+ "{{/html}}"
+ "{{/velocity}}");
return document;
}
}

0 comments on commit 22f249a

Please sign in to comment.