Merge pull request #5419 from woocommerce/issue/4137-escape-html-receipt

kidinov · web-flow · commit 31ed5293041b · 2021-11-15T16:51:52.000+03:00
[Mobile Payments] Remove html tags from receipt generation
diff --git a/Hardware/Hardware.xcodeproj/project.pbxproj b/Hardware/Hardware.xcodeproj/project.pbxproj
@@ -9,6 +9,7 @@
 /* Begin PBXBuildFile section */
 		030338102705F7D400764131 /* ReceiptTotalLine.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0303380F2705F7D400764131 /* ReceiptTotalLine.swift */; };
 		311889EB2653286B0080AEA2 /* PaymentIntentMetadataTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 311889EA2653286B0080AEA2 /* PaymentIntentMetadataTests.swift */; };
+		55CD4BB4273E617C007686D3 /* ReceiptRendererTest.swift in Sources */ = {isa = PBXBuildFile; fileRef = 55CD4BB3273E617C007686D3 /* ReceiptRendererTest.swift */; };
 		5A747BE9FA06EC8752A35752 /* Pods_HardwareTests.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = B1DC5B6141B8184FAC29B0A4 /* Pods_HardwareTests.framework */; };
 		8FFAA245E257B9EB98E2FCBD /* Pods_SampleReceiptPrinter.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 2AFA997D6786C67B0A061854 /* Pods_SampleReceiptPrinter.framework */; };
 		C5D2CB7D21CEE28FEBF18BF6 /* Pods_Hardware.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E9F0AC202B287C1221EA2C99 /* Pods_Hardware.framework */; };
@@ -134,6 +135,7 @@
 		311889EA2653286B0080AEA2 /* PaymentIntentMetadataTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PaymentIntentMetadataTests.swift; sourceTree = "<group>"; };
 		3CF9348BADD5E0518080A61A /* Pods-Hardware.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Hardware.debug.xcconfig"; path = "Target Support Files/Pods-Hardware/Pods-Hardware.debug.xcconfig"; sourceTree = "<group>"; };
 		47BDD50287B7B0CF8D769BFC /* Pods-PrinterPlayground.release-alpha.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-PrinterPlayground.release-alpha.xcconfig"; path = "Target Support Files/Pods-PrinterPlayground/Pods-PrinterPlayground.release-alpha.xcconfig"; sourceTree = "<group>"; };
+		55CD4BB3273E617C007686D3 /* ReceiptRendererTest.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ReceiptRendererTest.swift; sourceTree = "<group>"; };
 		9726331F55A9621F2F887E13 /* Pods-Hardware.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Hardware.release.xcconfig"; path = "Target Support Files/Pods-Hardware/Pods-Hardware.release.xcconfig"; sourceTree = "<group>"; };
 		AE60F16D43C20AD4523A61A5 /* Pods-SampleReceiptPrinter.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-SampleReceiptPrinter.debug.xcconfig"; path = "Target Support Files/Pods-SampleReceiptPrinter/Pods-SampleReceiptPrinter.debug.xcconfig"; sourceTree = "<group>"; };
 		B1DC5B6141B8184FAC29B0A4 /* Pods_HardwareTests.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_HardwareTests.framework; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -258,6 +260,14 @@
 /* End PBXFrameworksBuildPhase section */
 
 /* Begin PBXGroup section */
+		55CD4BB2273E6159007686D3 /* AirPrintReceipt */ = {
+			isa = PBXGroup;
+			children = (
+				55CD4BB3273E617C007686D3 /* ReceiptRendererTest.swift */,
+			);
+			path = AirPrintReceipt;
+			sourceTree = "<group>";
+		};
 		ADED522B787D093F499BD540 /* Pods */ = {
 			isa = PBXGroup;
 			children = (
@@ -351,6 +361,7 @@
 		D88FDB0C25DD216B00CB0DBD /* HardwareTests */ = {
 			isa = PBXGroup;
 			children = (
+				55CD4BB2273E6159007686D3 /* AirPrintReceipt */,
 				D845BDF3262DD65D00A3E40F /* Mocks */,
 				D88FDB0F25DD216B00CB0DBD /* Info.plist */,
 				D892F21325E3F67A001D7134 /* CardReaderTests.swift */,
@@ -566,6 +577,7 @@
 					};
 					D88FDB0725DD216B00CB0DBD = {
 						CreatedOnToolsVersion = 12.4;
+						LastSwiftMigration = 1310;
 					};
 					E1CFC14A2643E9EE0089F86F = {
 						CreatedOnToolsVersion = 12.4;
@@ -797,6 +809,7 @@
 				D81AE85E25E6A89F00D9CFD3 /* StripeCardReaderCacheTests.swift in Sources */,
 				D892F21425E3F67A001D7134 /* CardReaderTests.swift in Sources */,
 				D854FC26260A6B5800A219CD /* ErrorCodesTests.swift in Sources */,
+				55CD4BB4273E617C007686D3 /* ReceiptRendererTest.swift in Sources */,
 				D892F21025E3F4C0001D7134 /* MockStripeCardReader.swift in Sources */,
 				D88303DB25E450E700C877F9 /* PaymentIntentTests.swift in Sources */,
 				D845BE03262DDBF500A3E40F /* CardBrandTests.swift in Sources */,
@@ -1019,6 +1032,7 @@
 			baseConfigurationReference = 1CC96A71F2937BCB7432766F /* Pods-HardwareTests.debug.xcconfig */;
 			buildSettings = {
 				ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = "${inherited}";
+				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				CODE_SIGN_STYLE = Automatic;
 				DEVELOPMENT_TEAM = PZYM8XX95Q;
@@ -1030,6 +1044,7 @@
 				);
 				PRODUCT_BUNDLE_IDENTIFIER = com.automattic.Hardware.HardwareTests;
 				PRODUCT_NAME = "$(TARGET_NAME)";
+				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
 				SWIFT_VERSION = 5.0;
 				TARGETED_DEVICE_FAMILY = "1,2";
 			};
@@ -1040,6 +1055,7 @@
 			baseConfigurationReference = C61D1642BE09D1A1AD6AA9FA /* Pods-HardwareTests.release.xcconfig */;
 			buildSettings = {
 				ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = "${inherited}";
+				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				CODE_SIGN_STYLE = Automatic;
 				DEVELOPMENT_TEAM = PZYM8XX95Q;
@@ -1147,6 +1163,7 @@
 			baseConfigurationReference = DB2B86965868C0EC25910D7D /* Pods-HardwareTests.release-alpha.xcconfig */;
 			buildSettings = {
 				ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = "${inherited}";
+				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				CODE_SIGN_STYLE = Automatic;
 				DEVELOPMENT_TEAM = PZYM8XX95Q;
diff --git a/Hardware/Hardware/Printer/AirPrintReceipt/ReceiptRenderer.swift b/Hardware/Hardware/Printer/AirPrintReceipt/ReceiptRenderer.swift
@@ -110,7 +110,8 @@ private extension ReceiptRenderer {
     private func summaryTable() -> String {
         var summaryContent = "<table>"
         for line in content.lineItems {
-            summaryContent += "<tr><td>\(line.title) × \(line.quantity)</td><td>\(line.amount) \(content.parameters.currency.uppercased())</td></tr>"
+            let stripedTitle = line.title.htmlStripped()
+            summaryContent += "<tr><td>\(stripedTitle) × \(line.quantity)</td><td>\(line.amount) \(content.parameters.currency.uppercased())</td></tr>"
         }
         summaryContent += totalRows()
         summaryContent += "</table>"
@@ -158,9 +159,9 @@ private extension ReceiptRenderer {
         /// are required in the US.
         /// https://stripe.com/docs/terminal/checkout/receipts#custom
         return """
-            \(Localization.applicationName): \(emv.applicationPreferredName)<br/>
-            \(Localization.aid): \(emv.dedicatedFileName)
-        """
+               \(Localization.applicationName): \(emv.applicationPreferredName.htmlStripped())<br/>
+               \(Localization.aid): \(emv.dedicatedFileName.htmlStripped())
+               """
     }
 
     private func cardIconCSS() -> String {
@@ -250,3 +251,19 @@ private extension ReceiptRenderer {
         )
     }
 }
+
+private extension String {
+    func htmlStripped() -> String {
+        let data = Data(utf8)
+        do {
+            return try NSAttributedString(
+                data: data,
+                options: [.documentType: NSAttributedString.DocumentType.html],
+                documentAttributes: nil
+            ).string
+        } catch {
+            DDLogError("Failed to remove HTML from \(self): \(error.localizedDescription)")
+            return self
+        }
+    }
+}
diff --git a/Hardware/HardwareTests/AirPrintReceipt/ReceiptRendererTest.swift b/Hardware/HardwareTests/AirPrintReceipt/ReceiptRendererTest.swift
@@ -0,0 +1,70 @@
+import XCTest
+@testable import Hardware
+import StripeTerminal
+import Foundation
+import CryptoKit
+
+final class ReceiptRendererTest: XCTestCase {
+    func test_TextWithoutHtmlSymbols() {
+        let expectedResultWithoutHtmlSymbolsMd5Description = "MD5 digest: 532a92e85527596a692b4b9ee7c978a5"
+        let content = generateReceiptContent()
+
+        let renderer = ReceiptRenderer(content: content)
+
+        XCTAssertEqual(
+            Insecure.MD5.hash(data: renderer.htmlContent().data(using: .utf8)!).description,
+            expectedResultWithoutHtmlSymbolsMd5Description
+        )
+    }
+
+    func test_TextWithHtmlSymbols() {
+        let expectedResultWithHtmlSymbolsMd5Description = "MD5 digest: 034ae681824b18c473c9ca9ad69a06bb"
+        let stringWithHtml = "<tt><table></table></footer>"
+        let content = generateReceiptContent(stringToAppend: stringWithHtml)
+
+        let renderer = ReceiptRenderer(content: content)
+
+        print(renderer.htmlContent())
+
+        XCTAssertEqual(
+            Insecure.MD5.hash(data: renderer.htmlContent().data(using: .utf8)!).description,
+            expectedResultWithHtmlSymbolsMd5Description
+        )
+    }
+}
+
+private extension ReceiptRendererTest {
+    func generateReceiptContent(stringToAppend: String = "") -> ReceiptContent {
+        ReceiptContent(
+            parameters: CardPresentReceiptParameters(
+                amount: 1,
+                formattedAmount: "1",
+                currency: "USD",
+                date: .init(),
+                storeName: "Test Store",
+                cardDetails: .init(
+                    last4: "1234",
+                    expMonth: 12,
+                    expYear: 26,
+                    cardholderName: "John Smith",
+                    brand: .masterCard,
+                    fingerprint: "fpr*****",
+                    generatedCard: "pm_******",
+                    receipt: .init(
+                        applicationPreferredName: "Stripe Credit\(stringToAppend)",
+                        dedicatedFileName: "A00000000000000\(stringToAppend)",
+                        authorizationResponseCode: "0000",
+                        applicationCryptogram: "XXXXXXXXXXXX",
+                        terminalVerificationResults: "101010101010101010",
+                        transactionStatusInformation: "6800",
+                        accountType: "credit"
+                    ),
+                    emvAuthData: "AD*******"),
+                orderID: 9201
+            ),
+            lineItems: [ReceiptLineItem(title: "Sample product #1\(stringToAppend)", quantity: "2", amount: "25")],
+            cartTotals: [ReceiptTotalLine(description: "description", amount: "13")],
+            orderNote: nil
+        )
+    }
+}
diff --git a/Yosemite/Yosemite/Stores/ReceiptStore.swift b/Yosemite/Yosemite/Stores/ReceiptStore.swift
@@ -208,12 +208,12 @@ private extension ReceiptStore {
 
 private extension ReceiptStore {
     func fileURL(order: Order) throws -> URL {
-        return try FileManager.default.url(for: .documentDirectory,
-                                                           in: .userDomainMask,
-                                                           appropriateFor: nil,
-                                                           create: false)
+        try FileManager.default.url(for: .documentDirectory,
+                in: .userDomainMask,
+                appropriateFor: nil,
+                create: false)
             .appendingPathComponent(fileName(order: order))
-                .appendingPathExtension("plist")
+            .appendingPathExtension("plist")
     }
 
     func fileName(order: Order) -> String {
