" . \' .'; // NOTE(review): this copy begins inside a string literal; the test it belongs to starts before the visible chunk
    seo()->{$method}($unsanitizedContent);
    $meta = meta();
    $sanitizedContent = e($unsanitizedContent);

    // These assertions are equivalent, but included for clarity.
    // The raw value carries both quote characters, so its absence from the
    // output is what guards against breaking out of the content="" attribute.
    expect($meta)->not()->toContain('content="Testing string " with several \' XSS characters " . \' ."');
    expect($meta)->not()->toContain("content=\"{$unsanitizedContent}\"");
    // NOTE(review): the expected-markup literals read as "" in this copy; the
    // <meta ...> markup built from $property and $sanitizedContent looks like it
    // was stripped during extraction — confirm against the repository.
    expect($meta)->toContain("");
    expect($meta)->toContain("");
})->with([
    ['site', 'og:site_name'],
    ['url', 'og:url'],
    ['image', 'og:image'],
    ['type', 'og:type'],
    ['locale', 'og:locale'],
]);

// The Twitter integration is tested separately as it uses `meta name=""` instead of `meta property=""`.
// Each Twitter setter is fed a value containing both quote characters and the rendered
// output is checked for the raw value (must be absent) and its e()-escaped form.
// NOTE(review): $property is untyped here while $method is typed string — presumably
// also a string; worth aligning with the dataset below.
test('the twitter extension properly sanitizes input', function (string $method, $property) {
    $unsanitizedContent = 'Testing string " with several \' XSS characters " . \' .';
    seo()->{$method}($unsanitizedContent);
    $meta = meta();
    $sanitizedContent = e($unsanitizedContent);

    // These assertions are equivalent, but included for clarity
    expect($meta)->not()->toContain('content="Testing string " with several \' XSS characters " . \' ."');
    expect($meta)->not()->toContain("content=\"{$unsanitizedContent}\"");
    // NOTE(review): expected-markup literals appear stripped in this copy ("") — confirm against the repository.
    expect($meta)->toContain("");
    expect($meta)->toContain("");
})->with([
    ['twitterCreator', 'twitter:creator'],
    ['twitterSite', 'twitter:site'],
    ['twitterTitle', 'twitter:title'],
    ['twitterDescription', 'twitter:description'],
    ['twitterImage', 'twitter:image'],
]);

// This method is tested separately as it adds an extra (<title>) tag in addition to the og:title meta tag,
// so the escaped value must be correct in both an attribute context and an element-body context.
test('the title method properly sanitizes both tags', function () {
    $unsanitizedContent = 'Testing string " with several \' XSS characters " . \' .';
    seo()->title($unsanitizedContent);
    $meta = meta();
    $sanitizedContent = e($unsanitizedContent);

    // These assertions are equivalent, but included for clarity
    expect($meta)->not()->toContain('meta property="og:title" content="Testing string " with several \' XSS characters " . \' ."');
    // NOTE(review): the line break inside the next literal looks like a wrap artefact of this copy;
    // the sibling assertions use the same value on a single line.
    expect($meta)->not()->toContain('Testing string " with several \' XSS characters " . 
\' ."');
    expect($meta)->not()->toContain("meta property=\"og:title\" content=\"{$unsanitizedContent}\"");
    expect($meta)->not()->toContain("{$unsanitizedContent}");
    expect($meta)->toContain("{$sanitizedContent}");
    // NOTE(review): the literal below is not valid PHP as shown (unescaped " inside a double-quoted
    // string); it reads as the e()-escaped value with its HTML entities decoded by the page renderer.
    expect($meta)->toContain("Testing string " with several ' XSS characters </title> " . ' .");
    // NOTE(review): expected-markup literals appear stripped in this copy ("") — confirm against the repository.
    expect($meta)->toContain("");
    expect($meta)->toContain("");
});

// Values read back through the @seo() Blade directive, and values set through it, must both be escaped.
test('seo blade directive calls are sanitized', function () {
    seo(['image' => $string = 'Testing string " with several \' XSS characters " . \' .']);
    $escaped = e($string); // NOTE(review): unused in the visible assertions — presumably referenced in the stripped literal below

    // Using @seo() to get a value
    // NOTE(review): the blade('') template and the toBe("") expectation appear stripped in this copy.
    expect(blade(''))
        ->toBe("")
        ->not()->toBe(' " . \' ."');

    // Using @seo() to set a value
    // NOTE(review): the expected literal below is not valid PHP as shown; it reads as the escaped
    // form of "abc ' def &" with its HTML entities decoded by the page renderer.
    expect(blade("@seo('description', 'abc \' def &')"))->toBe('abc ' def &');
});