Fixed content parsing break with line html comment

Fixes issues thrown in custom HMTL head & page content filtering when
the content is comprised of only a single HTML comment.
Adds tests to cover.

For #2804

Author: ssddanbrown

app/Entities/Tools/PageContent.php

@@ -332,7 +332,7 @@ protected function parsePageIncludes(string $html): string
     protected function fetchSectionOfPage(Page $page, string $sectionId): string
     {
         $topLevelTags = ['table', 'ul', 'ol'];
-        $doc = $this->loadDocumentFromHtml('<body>' . $page->html . '</body>');
+        $doc = $this->loadDocumentFromHtml($page->html);
 
         // Search included content for the id given and blank out if not exists.
         $matchingElem = $doc->getElementById($sectionId);
@@ -363,6 +363,7 @@ protected function loadDocumentFromHtml(string $html): DOMDocument
     {
         libxml_use_internal_errors(true);
         $doc = new DOMDocument();
+        $html = '<body>' . $html . '</body>';
         $doc->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'));
         return $doc;
     }

app/Util/HtmlContentFilter.php

@@ -1,7 +1,6 @@
 <?php namespace BookStack\Util;
 
 use DOMDocument;
-use DOMNode;
 use DOMNodeList;
 use DOMXPath;
 
@@ -16,6 +15,7 @@ public static function removeScripts(string $html): string
             return $html;
         }
 
+        $html = '<body>' . $html . '</body>';
         libxml_use_internal_errors(true);
         $doc = new DOMDocument();
         $doc->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'));
@@ -61,11 +61,10 @@ public static function removeScripts(string $html): string
     /**
      * Removed all of the given DOMNodes.
      */
-    static protected function removeNodes(DOMNodeList $nodes): void
+    protected static function removeNodes(DOMNodeList $nodes): void
     {
         foreach ($nodes as $node) {
             $node->parentNode->removeChild($node);
         }
     }
-
-}
+}

tests/Entity/ExportTest.php

@@ -12,7 +12,7 @@ class ExportTest extends TestCase
 
     public function test_page_text_export()
     {
-        $page = Page::first();
+        $page = Page::query()->first();
         $this->asEditor();
 
         $resp = $this->get($page->getUrl('/export/plaintext'));
@@ -23,7 +23,7 @@ public function test_page_text_export()
 
     public function test_page_pdf_export()
     {
-        $page = Page::first();
+        $page = Page::query()->first();
         $this->asEditor();
 
         $resp = $this->get($page->getUrl('/export/pdf'));
@@ -33,7 +33,7 @@ public function test_page_pdf_export()
 
     public function test_page_html_export()
     {
-        $page = Page::first();
+        $page = Page::query()->first();
         $this->asEditor();
 
         $resp = $this->get($page->getUrl('/export/html'));
@@ -44,7 +44,7 @@ public function test_page_html_export()
 
     public function test_book_text_export()
     {
-        $page = Page::first();
+        $page = Page::query()->first();
         $book = $page->book;
         $this->asEditor();
 
@@ -57,7 +57,7 @@ public function test_book_text_export()
 
     public function test_book_pdf_export()
     {
-        $page = Page::first();
+        $page = Page::query()->first();
         $book = $page->book;
         $this->asEditor();
 
@@ -68,7 +68,7 @@ public function test_book_pdf_export()
 
     public function test_book_html_export()
     {
-        $page = Page::first();
+        $page = Page::query()->first();
         $book = $page->book;
         $this->asEditor();
 
@@ -95,7 +95,7 @@ public function test_book_html_export_shows_chapter_descriptions()
 
     public function test_chapter_text_export()
     {
-        $chapter = Chapter::first();
+        $chapter = Chapter::query()->first();
         $page = $chapter->pages[0];
         $this->asEditor();
 
@@ -108,7 +108,7 @@ public function test_chapter_text_export()
 
     public function test_chapter_pdf_export()
     {
-        $chapter = Chapter::first();
+        $chapter = Chapter::query()->first();
         $this->asEditor();
 
         $resp = $this->get($chapter->getUrl('/export/pdf'));
@@ -118,7 +118,7 @@ public function test_chapter_pdf_export()
 
     public function test_chapter_html_export()
     {
-        $chapter = Chapter::first();
+        $chapter = Chapter::query()->first();
         $page = $chapter->pages[0];
         $this->asEditor();
 
@@ -131,7 +131,7 @@ public function test_chapter_html_export()
 
     public function test_page_html_export_contains_custom_head_if_set()
     {
-        $page = Page::first();
+        $page = Page::query()->first();
 
         $customHeadContent = "<style>p{color: red;}</style>";
         $this->setSettings(['app-custom-head' => $customHeadContent]);
@@ -140,9 +140,21 @@ public function test_page_html_export_contains_custom_head_if_set()
         $resp->assertSee($customHeadContent);
     }
 
+    public function test_page_html_export_does_not_break_with_only_comments_in_custom_head()
+    {
+        $page = Page::query()->first();
+
+        $customHeadContent = "<!-- A comment -->";
+        $this->setSettings(['app-custom-head' => $customHeadContent]);
+
+        $resp = $this->asEditor()->get($page->getUrl('/export/html'));
+        $resp->assertStatus(200);
+        $resp->assertSee($customHeadContent);
+    }
+
     public function test_page_html_export_use_absolute_dates()
     {
-        $page = Page::first();
+        $page = Page::query()->first();
 
         $resp = $this->asEditor()->get($page->getUrl('/export/html'));
         $resp->assertSee($page->created_at->formatLocalized('%e %B %Y %H:%M:%S'));
@@ -153,7 +165,7 @@ public function test_page_html_export_use_absolute_dates()
 
     public function test_page_export_does_not_include_user_or_revision_links()
     {
-        $page = Page::first();
+        $page = Page::query()->first();
 
         $resp = $this->asEditor()->get($page->getUrl('/export/html'));
         $resp->assertDontSee($page->getUrl('/revisions'));
@@ -163,7 +175,7 @@ public function test_page_export_does_not_include_user_or_revision_links()
 
     public function test_page_export_sets_right_data_type_for_svg_embeds()
     {
-        $page = Page::first();
+        $page = Page::query()->first();
         Storage::disk('local')->makeDirectory('uploads/images/gallery');
         Storage::disk('local')->put('uploads/images/gallery/svg_test.svg', '<svg></svg>');
         $page->html = '<img src="http://localhost/uploads/images/gallery/svg_test.svg">';
@@ -179,7 +191,7 @@ public function test_page_export_sets_right_data_type_for_svg_embeds()
 
     public function test_page_image_containment_works_on_multiple_images_within_a_single_line()
     {
-        $page = Page::first();
+        $page = Page::query()->first();
         Storage::disk('local')->makeDirectory('uploads/images/gallery');
         Storage::disk('local')->put('uploads/images/gallery/svg_test.svg', '<svg></svg>');
         Storage::disk('local')->put('uploads/images/gallery/svg_test2.svg', '<svg></svg>');
@@ -195,7 +207,7 @@ public function test_page_image_containment_works_on_multiple_images_within_a_si
 
     public function test_page_export_contained_html_image_fetches_only_run_when_url_points_to_image_upload_folder()
     {
-        $page = Page::first();
+        $page = Page::query()->first();
         $page->html = '<img src="http://localhost/uploads/images/gallery/svg_test.svg"/>'
             .'<img src="http://localhost/uploads/svg_test.svg"/>'
             .'<img src="/uploads/svg_test.svg"/>';
@@ -233,7 +245,7 @@ public function test_exports_removes_scripts_from_custom_head()
     public function test_page_export_with_deleted_creator_and_updater()
     {
         $user = $this->getViewer(['name' => 'ExportWizardTheFifth']);
-        $page = Page::first();
+        $page = Page::query()->first();
         $page->created_by = $user->id;
         $page->updated_by = $user->id;
         $page->save();

tests/Entity/PageContentTest.php

@@ -13,8 +13,8 @@ class PageContentTest extends TestCase
 
     public function test_page_includes()
     {
-        $page = Page::first();
-        $secondPage = Page::where('id', '!=', $page->id)->first();
+        $page = Page::query()->first();
+        $secondPage = Page::query()->where('id', '!=', $page->id)->first();
 
         $secondPage->html = "<p id='section1'>Hello, This is a test</p><p id='section2'>This is a second block of content</p>";
         $secondPage->save();
@@ -42,8 +42,8 @@ public function test_page_includes()
 
     public function test_saving_page_with_includes()
     {
-        $page = Page::first();
-        $secondPage = Page::where('id', '!=', $page->id)->first();
+        $page = Page::query()->first();
+        $secondPage = Page::query()->where('id', '!=', $page->id)->first();
 
         $this->asEditor();
         $includeTag = '{{@' . $secondPage->id . '}}';
@@ -60,8 +60,8 @@ public function test_saving_page_with_includes()
 
     public function test_page_includes_do_not_break_tables()
     {
-        $page = Page::first();
-        $secondPage = Page::where('id', '!=', $page->id)->first();
+        $page = Page::query()->first();
+        $secondPage = Page::query()->where('id', '!=', $page->id)->first();
 
         $content = '<table id="table"><tbody><tr><td>test</td></tr></tbody></table>';
         $secondPage->html = $content;
@@ -97,7 +97,7 @@ public function test_page_includes_rendered_on_book_export()
     public function test_page_content_scripts_removed_by_default()
     {
         $this->asEditor();
-        $page = Page::first();
+        $page = Page::query()->first();
         $script = 'abc123<script>console.log("hello-test")</script>abc123';
         $page->html = "escape {$script}";
         $page->save();
@@ -120,7 +120,7 @@ public function test_more_complex_content_script_escaping_scenarios()
         ];
 
         $this->asEditor();
-        $page = Page::first();
+        $page = Page::query()->first();
 
         foreach ($checks as $check) {
             $page->html = $check;
@@ -145,7 +145,7 @@ public function test_iframe_js_and_base64_urls_are_removed()
         ];
 
         $this->asEditor();
-        $page = Page::first();
+        $page = Page::query()->first();
 
         foreach ($checks as $check) {
             $page->html = $check;
@@ -171,7 +171,7 @@ public function test_javascript_uri_links_are_removed()
         ];
 
         $this->asEditor();
-        $page = Page::first();
+        $page = Page::query()->first();
 
         foreach ($checks as $check) {
             $page->html = $check;
@@ -192,7 +192,7 @@ public function test_form_actions_with_javascript_are_removed()
         ];
 
         $this->asEditor();
-        $page = Page::first();
+        $page = Page::query()->first();
 
         foreach ($checks as $check) {
             $page->html = $check;
@@ -215,7 +215,7 @@ public function test_metadata_redirects_are_removed()
         ];
 
         $this->asEditor();
-        $page = Page::first();
+        $page = Page::query()->first();
 
         foreach ($checks as $check) {
             $page->html = $check;
@@ -232,7 +232,7 @@ public function test_metadata_redirects_are_removed()
     public function test_page_inline_on_attributes_removed_by_default()
     {
         $this->asEditor();
-        $page = Page::first();
+        $page = Page::query()->first();
         $script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
         $page->html = "escape {$script}";
         $page->save();
@@ -255,7 +255,7 @@ public function test_more_complex_inline_on_attributes_escaping_scenarios()
         ];
 
         $this->asEditor();
-        $page = Page::first();
+        $page = Page::query()->first();
 
         foreach ($checks as $check) {
             $page->html = $check;
@@ -271,7 +271,7 @@ public function test_more_complex_inline_on_attributes_escaping_scenarios()
     public function test_page_content_scripts_show_when_configured()
     {
         $this->asEditor();
-        $page = Page::first();
+        $page = Page::query()->first();
         config()->push('app.allow_content_scripts', 'true');
 
         $script = 'abc123<script>console.log("hello-test")</script>abc123';
@@ -286,7 +286,7 @@ public function test_page_content_scripts_show_when_configured()
     public function test_page_inline_on_attributes_show_if_configured()
     {
         $this->asEditor();
-        $page = Page::first();
+        $page = Page::query()->first();
         config()->push('app.allow_content_scripts', 'true');
 
         $script = '<p onmouseenter="console.log(\'test\')">Hello</p>';
@@ -301,7 +301,7 @@ public function test_page_inline_on_attributes_show_if_configured()
     public function test_duplicate_ids_does_not_break_page_render()
     {
         $this->asEditor();
-        $pageA = Page::first();
+        $pageA = Page::query()->first();
         $pageB = Page::query()->where('id', '!=', $pageA->id)->first();
 
         $content = '<ul id="bkmrk-xxx-%28"></ul> <ul id="bkmrk-xxx-%28"></ul>';
@@ -318,7 +318,7 @@ public function test_duplicate_ids_does_not_break_page_render()
     public function test_duplicate_ids_fixed_on_page_save()
     {
         $this->asEditor();
-        $page = Page::first();
+        $page = Page::query()->first();
 
         $content = '<ul id="bkmrk-test"><li>test a</li><li><ul id="bkmrk-test"><li>test b</li></ul></li></ul>';
         $pageSave = $this->put($page->getUrl(), [
@@ -328,14 +328,14 @@ public function test_duplicate_ids_fixed_on_page_save()
         ]);
         $pageSave->assertRedirect();
 
-        $updatedPage = Page::where('id', '=', $page->id)->first();
+        $updatedPage = Page::query()->where('id', '=', $page->id)->first();
         $this->assertEquals(substr_count($updatedPage->html, "bkmrk-test\""), 1);
     }
 
     public function test_anchors_referencing_non_bkmrk_ids_rewritten_after_save()
     {
         $this->asEditor();
-        $page = Page::first();
+        $page = Page::query()->first();
 
         $content = '<h1 id="non-standard-id">test</h1><p><a href="#non-standard-id">link</a></p>';
         $this->put($page->getUrl(), [
@@ -344,7 +344,7 @@ public function test_anchors_referencing_non_bkmrk_ids_rewritten_after_save()
             'summary' => ''
         ]);
 
-        $updatedPage = Page::where('id', '=', $page->id)->first();
+        $updatedPage = Page::query()->where('id', '=', $page->id)->first();
         $this->assertStringContainsString('id="bkmrk-test"', $updatedPage->html);
         $this->assertStringContainsString('href="#bkmrk-test"', $updatedPage->html);
     }
@@ -484,6 +484,25 @@ public function test_page_markdown_strikethrough_rendering()
         $pageView->assertElementExists('.page-content p > s');
     }
 
+    public function test_page_markdown_single_html_comment_saving()
+    {
+        $this->asEditor();
+        $page = Page::query()->first();
+
+        $content = '<!-- Test Comment -->';
+        $this->put($page->getUrl(), [
+            'name' => $page->name,  'markdown' => $content,
+            'html' => '', 'summary' => ''
+        ]);
+
+        $page->refresh();
+        $this->assertStringMatchesFormat($content, $page->html);
+
+        $pageView = $this->get($page->getUrl());
+        $pageView->assertStatus(200);
+        $pageView->assertSee($content);
+    }
+
     public function test_base64_images_get_extracted_from_page_content()
     {
         $this->asEditor();