Files
Verso/services/web/test/unit/src/HelperFiles/UrlHelperTests.js
T
Eric Mc Sween 9ddaa8c9f6 Merge pull request #3830 from overleaf/em-upgrade-node-12
Upgrade to Node 12

GitOrigin-RevId: 19870922884b7c98e7e5f2c94df21829672d2db5
2021-04-01 02:05:52 +00:00

45 lines
1.3 KiB
JavaScript

const { expect } = require('chai')
const SandboxedModule = require('sandboxed-module')
const modulePath = require('path').join(
__dirname,
'../../../../app/src/Features/Helpers/UrlHelper.js'
)
describe('UrlHelper', function() {
beforeEach(function() {
this.settings = {
apis: { linkedUrlProxy: { url: undefined } },
siteUrl: 'http://localhost:3000'
}
this.UrlHelper = SandboxedModule.require(modulePath, {
requires: { 'settings-sharelatex': this.settings }
})
})
describe('getSafeRedirectPath', function() {
it('sanitize redirect path to prevent open redirects', function() {
expect(this.UrlHelper.getSafeRedirectPath('https://evil.com')).to.be
.undefined
expect(this.UrlHelper.getSafeRedirectPath('//evil.com')).to.be.undefined
expect(this.UrlHelper.getSafeRedirectPath('//ol.com/evil')).to.equal(
'/evil'
)
expect(this.UrlHelper.getSafeRedirectPath('////evil.com')).to.be.undefined
expect(this.UrlHelper.getSafeRedirectPath('%2F%2Fevil.com')).to.equal(
'/%2F%2Fevil.com'
)
expect(
this.UrlHelper.getSafeRedirectPath('http://foo.com//evil.com/bad')
).to.equal('/evil.com/bad')
return expect(this.UrlHelper.getSafeRedirectPath('.evil.com')).to.equal(
'/.evil.com'
)
})
})
})