github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-29 00:20:54 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
Files
30c559f670b85cf10f6c06a032f8ed34dd994e8b
discourse/spec/lib/onebox/engine/sketch_fab_onebox_spec.rb
Blake Erickson 17116c440b SECURITY: Restrict allowed URL patterns 
Restrict allowed URL patterns for oneboxes.
2025-02-04 13:32:34 -03:00

32 lines
1.1 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
RSpec.describe Onebox::Engine::SketchFabOnebox do
describe ".===" do
it "matches valid Sketchfab models URL" do
valid_url = URI("https://sketchfab.com/models/1234567890abcdef1234567890abcdef")
expect(described_class === valid_url).to eq(true)
end
it "matches valid Sketchfab 3d-models URL with title" do
valid_url_with_title =
URI("https://sketchfab.com/3d-models/example-title-1234567890abcdef1234567890abcdef")
expect(described_class === valid_url_with_title).to eq(true)
end
it "does not match URL with invalid path" do
invalid_path_url = URI("https://sketchfab.com/invalid/path")
expect(described_class === invalid_path_url).to eq(false)
end
it "does not match unrelated domain" do
unrelated_url = URI("https://example.com/models/1234567890abcdef1234567890abcdef")
expect(described_class === unrelated_url).to eq(false)
end
it "does not match Sketchfab URL with incorrect ID length" do
invalid_id_url = URI("https://sketchfab.com/models/12345")
expect(described_class === invalid_id_url).to eq(false)
end
end
end
Reference in New Issue View Git Blame Copy Permalink