yujunjun/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2025-11-24 00:42:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
dify/web/utils/urlValidation.spec.ts
aka James4u e9738b891f
test: adding some web tests (#27792)
2025-11-04 21:06:44 +08:00

50 lines
2.0 KiB
TypeScript
Raw Blame History

import { validateRedirectUrl } from './urlValidation'
describe('URL Validation', () => {
describe('validateRedirectUrl', () => {
it('should reject data: protocol', () => {
expect(() => validateRedirectUrl('data:text/html,<script>alert(1)</script>')).toThrow('Authorization URL must be HTTP or HTTPS')
})
it('should reject file: protocol', () => {
expect(() => validateRedirectUrl('file:///etc/passwd')).toThrow('Authorization URL must be HTTP or HTTPS')
})
it('should reject ftp: protocol', () => {
expect(() => validateRedirectUrl('ftp://example.com')).toThrow('Authorization URL must be HTTP or HTTPS')
})
it('should reject vbscript: protocol', () => {
expect(() => validateRedirectUrl('vbscript:msgbox(1)')).toThrow('Authorization URL must be HTTP or HTTPS')
})
it('should reject malformed URLs', () => {
expect(() => validateRedirectUrl('not a url')).toThrow('Invalid URL')
expect(() => validateRedirectUrl('://example.com')).toThrow('Invalid URL')
expect(() => validateRedirectUrl('')).toThrow('Invalid URL')
})
it('should handle URLs with query parameters', () => {
expect(() => validateRedirectUrl('https://example.com?param=value')).not.toThrow()
expect(() => validateRedirectUrl('https://example.com?redirect=http://evil.com')).not.toThrow()
})
it('should handle URLs with fragments', () => {
expect(() => validateRedirectUrl('https://example.com#section')).not.toThrow()
expect(() => validateRedirectUrl('https://example.com/path#fragment')).not.toThrow()
})
it('should handle URLs with authentication', () => {
expect(() => validateRedirectUrl('https://user:pass@example.com')).not.toThrow()
})
it('should handle international domain names', () => {
expect(() => validateRedirectUrl('https://例え.jp')).not.toThrow()
})
it('should reject protocol-relative URLs', () => {
expect(() => validateRedirectUrl('//example.com')).toThrow('Invalid URL')
})
})
})
Reference in New Issue View Git Blame Copy Permalink