diff options
| author | ArthurHoaro <arthur@hoa.ro> | 2017-05-25 14:52:42 +0200 |
|---|---|---|
| committer | ArthurHoaro <arthur@hoa.ro> | 2017-05-25 14:58:34 +0200 |
| commit | 86ceea054f5f85157b04473bac5bfb6ff86ca31f (patch) | |
| tree | e8216f2f36952818427e633b641a54a6ff26379a /tests/Url/WhitelistProtocolsTest.php | |
| parent | 61c15aa5554431893ea5ebe800a9a625dca5aff9 (diff) | |
| download | Shaarli-86ceea054f5f85157b04473bac5bfb6ff86ca31f.tar.gz Shaarli-86ceea054f5f85157b04473bac5bfb6ff86ca31f.tar.zst Shaarli-86ceea054f5f85157b04473bac5bfb6ff86ca31f.zip | |
Add a whitelist of protocols for URLs
- for Shaare
- for markdown description links and images
Not whitelisted protocols will be replaced by `http://`
Diffstat (limited to 'tests/Url/WhitelistProtocolsTest.php')
| -rw-r--r-- | tests/Url/WhitelistProtocolsTest.php | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/tests/Url/WhitelistProtocolsTest.php b/tests/Url/WhitelistProtocolsTest.php new file mode 100644 index 00000000..a3156804 --- /dev/null +++ b/tests/Url/WhitelistProtocolsTest.php | |||
| @@ -0,0 +1,63 @@ | |||
| 1 | <?php | ||
| 2 | |||
| 3 | require_once 'application/Url.php'; | ||
| 4 | |||
| 5 | use Shaarli\Config\ConfigManager; | ||
| 6 | |||
| 7 | /** | ||
| 8 | * Class WhitelistProtocolsTest | ||
| 9 | * | ||
| 10 | * Test whitelist_protocols() function of Url. | ||
| 11 | */ | ||
| 12 | class WhitelistProtocolsTest extends PHPUnit_Framework_TestCase | ||
| 13 | { | ||
| 14 | /** | ||
| 15 | * Test whitelist_protocols() on a note (relative URL). | ||
| 16 | */ | ||
| 17 | public function testWhitelistProtocolsRelative() | ||
| 18 | { | ||
| 19 | $whitelist = ['ftp', 'magnet']; | ||
| 20 | $url = '?12443564'; | ||
| 21 | $this->assertEquals($url, whitelist_protocols($url, $whitelist)); | ||
| 22 | $url = '/path.jpg'; | ||
| 23 | $this->assertEquals($url, whitelist_protocols($url, $whitelist)); | ||
| 24 | } | ||
| 25 | |||
| 26 | /** | ||
| 27 | * Test whitelist_protocols() on a note (relative URL). | ||
| 28 | */ | ||
| 29 | public function testWhitelistProtocolMissing() | ||
| 30 | { | ||
| 31 | $whitelist = ['ftp', 'magnet']; | ||
| 32 | $url = 'test.tld/path/?query=value#hash'; | ||
| 33 | $this->assertEquals('http://'. $url, whitelist_protocols($url, $whitelist)); | ||
| 34 | } | ||
| 35 | |||
| 36 | /** | ||
| 37 | * Test whitelist_protocols() with allowed protocols. | ||
| 38 | */ | ||
| 39 | public function testWhitelistAllowedProtocol() | ||
| 40 | { | ||
| 41 | $whitelist = ['ftp', 'magnet']; | ||
| 42 | $url = 'http://test.tld/path/?query=value#hash'; | ||
| 43 | $this->assertEquals($url, whitelist_protocols($url, $whitelist)); | ||
| 44 | $url = 'https://test.tld/path/?query=value#hash'; | ||
| 45 | $this->assertEquals($url, whitelist_protocols($url, $whitelist)); | ||
| 46 | $url = 'ftp://test.tld/path/?query=value#hash'; | ||
| 47 | $this->assertEquals($url, whitelist_protocols($url, $whitelist)); | ||
| 48 | $url = 'magnet:test.tld/path/?query=value#hash'; | ||
| 49 | $this->assertEquals($url, whitelist_protocols($url, $whitelist)); | ||
| 50 | } | ||
| 51 | |||
| 52 | /** | ||
| 53 | * Test whitelist_protocols() with allowed protocols. | ||
| 54 | */ | ||
| 55 | public function testWhitelistDisallowedProtocol() | ||
| 56 | { | ||
| 57 | $whitelist = ['ftp', 'magnet']; | ||
| 58 | $url = 'javascript:alert("xss");'; | ||
| 59 | $this->assertEquals('http://alert("xss");', whitelist_protocols($url, $whitelist)); | ||
| 60 | $url = 'other://test.tld/path/?query=value#hash'; | ||
| 61 | $this->assertEquals('http://test.tld/path/?query=value#hash', whitelist_protocols($url, $whitelist)); | ||
| 62 | } | ||
| 63 | } | ||