github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-24 03:36:18 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
Files
30c559f670b85cf10f6c06a032f8ed34dd994e8b
discourse/spec/lib/onebox/engine/mixcloud_onebox_spec.rb
Blake Erickson 17116c440b SECURITY: Restrict allowed URL patterns 
Restrict allowed URL patterns for oneboxes.
2025-02-04 13:32:34 -03:00

26 lines
858 B
Ruby
Raw Blame History

# frozen_string_literal: true
RSpec.describe Onebox::Engine::MixcloudOnebox do
describe ".===" do
it "matches valid MixCloud URL" do
valid_url = URI("https://www.mixcloud.com/user/show-name/")
expect(described_class === valid_url).to eq(true)
end
it "matches valid MixCloud root URL" do
valid_url_root = URI("https://www.mixcloud.com/")
expect(described_class === valid_url_root).to eq(true)
end
it "does not match URL with valid domain as part of another domain" do
malicious_url = URI("https://www.mixcloud.com.malicious.com/user/show-name/")
expect(described_class === malicious_url).to eq(false)
end
it "does not match unrelated domain" do
unrelated_url = URI("https://example.com/user/show-name/")
expect(described_class === unrelated_url).to eq(false)
end
end
end
Reference in New Issue View Git Blame Copy Permalink