github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-23 21:21:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
Files
6c70825d3d45bfb51c4c21e587f8909db2f6cf55
discourse/spec/lib/onebox/engine/tiktok_onebox_spec.rb
Blake Erickson 17116c440b SECURITY: Restrict allowed URL patterns 
Restrict allowed URL patterns for oneboxes.
2025-02-04 13:32:34 -03:00

31 lines
1.1 KiB
Ruby
Raw Blame History

#frozen_string_literal: true
RSpec.describe Onebox::Engine::TiktokOnebox do
describe ".===" do
it "matches valid TikTok user video URL" do
valid_user_video_url = URI("https://www.tiktok.com/@user123/video/1234567890")
expect(described_class === valid_user_video_url).to eq(true)
end
it "matches valid TikTok short video URL" do
valid_short_video_url = URI("https://www.tiktok.com/v/1234567890")
expect(described_class === valid_short_video_url).to eq(true)
end
it "does not match URL with invalid path" do
invalid_path_url = URI("https://www.tiktok.com/@user123/invalid/1234567890")
expect(described_class === invalid_path_url).to eq(false)
end
it "does not match unrelated domain" do
unrelated_url = URI("https://example.com/@user123/video/1234567890")
expect(described_class === unrelated_url).to eq(false)
end
it "does not match URL with valid domain as part of another domain" do
malicious_url = URI("https://www.tiktok.com.malicious.com/@user123/video/1234567890")
expect(described_class === malicious_url).to eq(false)
end
end
end
Reference in New Issue View Git Blame Copy Permalink