Implement unit tests for the isSameOrigin
and createValidAbsoluteUrl
utility functions
Moreover, mark the `isValidProtocol` function as private since it's only used in the utilities file and is not (meant to be) exported.
parent
a789368b7a
commit
99de25d6cc
@ -332,7 +332,7 @@ function isSameOrigin(baseUrl, otherUrl) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Checks if URLs use one of the whitelisted protocols, e.g. to avoid XSS.
|
// Checks if URLs use one of the whitelisted protocols, e.g. to avoid XSS.
|
||||||
function isValidProtocol(url) {
|
function _isValidProtocol(url) {
|
||||||
if (!url) {
|
if (!url) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -349,7 +349,8 @@ function isValidProtocol(url) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Attempts to create a valid absolute URL (utilizing `isValidProtocol`).
|
* Attempts to create a valid absolute URL.
|
||||||
|
*
|
||||||
* @param {URL|string} url - An absolute, or relative, URL.
|
* @param {URL|string} url - An absolute, or relative, URL.
|
||||||
* @param {URL|string} baseUrl - An absolute URL.
|
* @param {URL|string} baseUrl - An absolute URL.
|
||||||
* @returns Either a valid {URL}, or `null` otherwise.
|
* @returns Either a valid {URL}, or `null` otherwise.
|
||||||
@ -360,7 +361,7 @@ function createValidAbsoluteUrl(url, baseUrl) {
|
|||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
var absoluteUrl = baseUrl ? new URL(url, baseUrl) : new URL(url);
|
var absoluteUrl = baseUrl ? new URL(url, baseUrl) : new URL(url);
|
||||||
if (isValidProtocol(absoluteUrl)) {
|
if (_isValidProtocol(absoluteUrl)) {
|
||||||
return absoluteUrl;
|
return absoluteUrl;
|
||||||
}
|
}
|
||||||
} catch (ex) { /* `new URL()` will throw on incorrect data. */ }
|
} catch (ex) { /* `new URL()` will throw on incorrect data. */ }
|
||||||
|
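Review bot: The JSDoc for `createValidAbsoluteUrl` no longer says what makes a URL "valid". Dropping "(utilizing `isValidProtocol`)" removes the only hint that the function filters by protocol, which is presumably what callers rely on when they hand it link targets they do not control. I would keep the contract in the comment without naming the private helper, e.g. ` * Attempts to create a valid absolute URL, i.e. one that parses and uses an allowed protocol.`, and extend the `@returns` line to say that a disallowed protocol also yields `null`. Both `_isValidProtocol` and `createValidAbsoluteUrl` start and end outside the visible hunks, so the allowlist itself cannot be checked from here.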
@ -14,9 +14,9 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
import {
|
import {
|
||||||
bytesToString, getInheritableProperty, isArrayBuffer, isBool, isEmptyObj,
|
bytesToString, createValidAbsoluteUrl, getInheritableProperty, isArrayBuffer,
|
||||||
isNum, isSpace, isString, log2, ReadableStream, removeNullCharacters,
|
isBool, isEmptyObj, isNum, isSameOrigin, isSpace, isString, log2,
|
||||||
stringToBytes, stringToPDFString, URL
|
ReadableStream, removeNullCharacters, stringToBytes, stringToPDFString, URL
|
||||||
} from '../../src/shared/util';
|
} from '../../src/shared/util';
|
||||||
import { Dict, Ref } from '../../src/core/primitives';
|
import { Dict, Ref } from '../../src/core/primitives';
|
||||||
import { XRefMock } from './test_utils';
|
import { XRefMock } from './test_utils';
|
||||||
@ -323,4 +323,65 @@ describe('util', function() {
|
|||||||
expect(typeof url.href).toEqual('string');
|
expect(typeof url.href).toEqual('string');
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
describe('isSameOrigin', function() {
|
||||||
|
it('handles invalid base URLs', function() {
|
||||||
|
// The base URL is not valid.
|
||||||
|
expect(isSameOrigin('/foo', '/bar')).toEqual(false);
|
||||||
|
|
||||||
|
// The base URL has no origin.
|
||||||
|
expect(isSameOrigin('blob:foo', '/bar')).toEqual(false);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('correctly checks if the origin of both URLs matches', function() {
|
||||||
|
expect(isSameOrigin('https://www.mozilla.org/foo',
|
||||||
|
'https://www.mozilla.org/bar')).toEqual(true);
|
||||||
|
expect(isSameOrigin('https://www.mozilla.org/foo',
|
||||||
|
'https://www.example.com/bar')).toEqual(false);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
describe('createValidAbsoluteUrl', function() {
|
||||||
|
it('handles invalid URLs', function() {
|
||||||
|
expect(createValidAbsoluteUrl(undefined, undefined)).toEqual(null);
|
||||||
|
expect(createValidAbsoluteUrl(null, null)).toEqual(null);
|
||||||
|
expect(createValidAbsoluteUrl('/foo', '/bar')).toEqual(null);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('handles URLs that do not use a whitelisted protocol', function() {
|
||||||
|
expect(createValidAbsoluteUrl('magnet:?foo', null)).toEqual(null);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('correctly creates a valid URL for whitelisted protocols', function() {
|
||||||
|
// `http` protocol
|
||||||
|
expect(createValidAbsoluteUrl('http://www.mozilla.org/foo', null))
|
||||||
|
.toEqual(new URL('http://www.mozilla.org/foo'));
|
||||||
|
expect(createValidAbsoluteUrl('/foo', 'http://www.mozilla.org'))
|
||||||
|
.toEqual(new URL('http://www.mozilla.org/foo'));
|
||||||
|
|
||||||
|
// `https` protocol
|
||||||
|
expect(createValidAbsoluteUrl('https://www.mozilla.org/foo', null))
|
||||||
|
.toEqual(new URL('https://www.mozilla.org/foo'));
|
||||||
|
expect(createValidAbsoluteUrl('/foo', 'https://www.mozilla.org'))
|
||||||
|
.toEqual(new URL('https://www.mozilla.org/foo'));
|
||||||
|
|
||||||
|
// `ftp` protocol
|
||||||
|
expect(createValidAbsoluteUrl('ftp://www.mozilla.org/foo', null))
|
||||||
|
.toEqual(new URL('ftp://www.mozilla.org/foo'));
|
||||||
|
expect(createValidAbsoluteUrl('/foo', 'ftp://www.mozilla.org'))
|
||||||
|
.toEqual(new URL('ftp://www.mozilla.org/foo'));
|
||||||
|
|
||||||
|
// `mailto` protocol (base URLs have no meaning and should yield `null`)
|
||||||
|
expect(createValidAbsoluteUrl('mailto:foo@bar.baz', null))
|
||||||
|
.toEqual(new URL('mailto:foo@bar.baz'));
|
||||||
|
expect(createValidAbsoluteUrl('/foo', 'mailto:foo@bar.baz'))
|
||||||
|
.toEqual(null);
|
||||||
|
|
||||||
|
// `tel` protocol (base URLs have no meaning and should yield `null`)
|
||||||
|
expect(createValidAbsoluteUrl('tel:+0123456789', null))
|
||||||
|
.toEqual(new URL('tel:+0123456789'));
|
||||||
|
expect(createValidAbsoluteUrl('/foo', 'tel:0123456789'))
|
||||||
|
.toEqual(null);
|
||||||
|
});
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
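Review bot: The 'handles URLs that do not use a whitelisted protocol' case only asserts on `magnet:`, although the comment on the protocol check in the utilities file names XSS avoidance as its purpose. The script-capable schemes should be pinned explicitly, e.g. `expect(createValidAbsoluteUrl('javascript:void(0)', null)).toEqual(null);` and the same for a `data:` URL. This assumes the allowlist (not visible on this page) is limited to the five schemes accepted in the following test. For `isSameOrigin`, a same-host pair that differs only in scheme or port, such as `isSameOrigin('https://www.mozilla.org/foo', 'http://www.mozilla.org/bar')`, would be worth asserting as `false`.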