QT/InvoiceShelf
1
0
Fork 0
mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-09 14:34:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Addresses SSRF risk

Browse Source
This commit is contained in:
mchev
2026-03-21 19:14:51 +01:00
parent d4e19646ee
commit 07757e747e
7 changed files with 124 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
tests/Unit/PdfHtmlSanitizerTest.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
use App\Support\PdfHtmlSanitizer;
it('removes img tags that could trigger SSRF during PDF rendering', function () {
$html = "<p>Hi</p><img src='http://example.com/x'>";
expect(PdfHtmlSanitizer::sanitize($html))->not->toContain('<img');
});
it('preserves basic formatting tags', function () {
$html = '<p><b>Bold</b> and <i>italic</i></p>';
expect(PdfHtmlSanitizer::sanitize($html))->toContain('<b>')->toContain('<i>');
});
it('strips style and link attributes that may carry URLs', function () {
$html = '<p style="background:url(http://example.com/)">x</p><a href="http://evil">y</a>';
$out = PdfHtmlSanitizer::sanitize($html);
expect($out)->not->toContain('style=')->not->toContain('href=')->not->toContain('example.com');
});
it('returns empty string for empty input', function () {
expect(PdfHtmlSanitizer::sanitize(''))->toBe('');
});