github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-21 00:18:55 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/spec/lib/onebox/engine/coub_onebox_spec.rb
Blake Erickson 17116c440b
SECURITY: Restrict allowed URL patterns 
Restrict allowed URL patterns for oneboxes.
2025-02-04 13:32:34 -03:00

21 lines
662 B
Ruby
Raw Blame History

# frozen_string_literal: true
RSpec.describe Onebox::Engine::CoubOnebox do
describe ".===" do
it "matches valid coub URL" do
valid_url = URI("https://coub.com/view/12345")
expect(described_class === valid_url).to eq(true)
end
it "does not match malicious URL with valid domain as part of another domain" do
malicious_url = URI("https://coub.com.malicious.com/view/12345")
expect(described_class === malicious_url).to eq(false)
end
it "does not match invalid path" do
invalid_path_url = URI("https://coub.com/invalid/abc123")
expect(described_class === invalid_path_url).to eq(false)
end
end
end
Reference in New Issue View Git Blame Copy Permalink