Use table-based tests for is_safe_url_spec.js

2993a8b0 · Winnie Hellmann · 81559676 · 2993a8b0
Commit 2993a8b0 authored Feb 20, 2019 by Winnie Hellmann
Hide whitespace changes
Inline Side-by-side

Showing with 45 additions and 106 deletions

ee/spec/frontend/vue_shared/components/is_safe_url_spec.js ee/spec/frontend/vue_shared/components/is_safe_url_spec.js +45 -106

No files found.
--- a/ee/spec/frontend/vue_shared/components/is_safe_url_spec.js
+++ b/ee/spec/frontend/vue_shared/components/is_safe_url_spec.js
@@ -2,62 +2,46 @@
 import isSafeURL from 'ee/vue_shared/components/is_safe_url';
 describe('isSafeUrl', () => {
-  describe('with URL constructor support', () => {
+  const absoluteUrls = [
-    it('returns true for absolute http(s) urls', () => {
+    'http://example.org',
-      expect(isSafeURL('http://example.org')).toBe(true);
+    'http://example.org:8080',
-      expect(isSafeURL('http://example.org:8080')).toBe(true);
+    'https://example.org',
-      expect(isSafeURL('https://example.org')).toBe(true);
+    'https://example.org:8080',
-      expect(isSafeURL('https://example.org:8080')).toBe(true);
+    'https://192.168.1.1',
-      expect(isSafeURL('https://192.168.1.1')).toBe(true);
+  ];
-    });
+  const relativeUrls = ['./relative/link', '/relative/link', '../relative/link'];
-    it('returns false for relative urls', () => {
-      expect(isSafeURL('./relative/link')).toBe(false);
+  const urlsWithoutHost = ['http://', 'https://', 'https:https:https:'];
-      expect(isSafeURL('/relative/link')).toBe(false);
-      expect(isSafeURL('../relative/link')).toBe(false);
+  const nonHttpUrls = [
-    });
+    'javascript:',
+    'javascript:alert("XSS")',
-    it('returns false for http(s) urls without host', () => {
+    'jav\tascript:alert("XSS");',
-      expect(isSafeURL('http://')).toBe(false);
+    ' &#14;  javascript:alert("XSS");',
-      expect(isSafeURL('https://')).toBe(false);
+    'ftp://192.168.1.1',
-      expect(isSafeURL('https:https:https:')).toBe(false);
+    'file:///',
-    });
+    'file:///etc/hosts',
+  ];
+  const encodedJavaScriptUrls = [
+    '&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041',
+    '&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;',
+    '&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29',
+    '\\u006A\\u0061\\u0076\\u0061\\u0073\\u0063\\u0072\\u0069\\u0070\\u0074\\u003A\\u0061\\u006C\\u0065\\u0072\\u0074\\u0028\\u0027\\u0058\\u0053\\u0053\\u0027\\u0029',
+  ];
-    it('returns false for non http(s) links', () => {
+  describe('with URL constructor support', () => {
-      expect(isSafeURL('javascript:')).toBe(false);
+    it.each(absoluteUrls)('returns true for %s', url => {
-      expect(isSafeURL('javascript:alert("XSS")')).toBe(false);
+      expect(isSafeURL(url)).toBe(true);
-      expect(isSafeURL('jav\tascript:alert("XSS");')).toBe(false);
-      expect(isSafeURL(' &#14;  javascript:alert("XSS");')).toBe(false);
-      expect(isSafeURL('ftp://192.168.1.1')).toBe(false);
-      expect(isSafeURL('file:///')).toBe(false);
-      expect(isSafeURL('file:///etc/hosts')).toBe(false);
    });
-    it('returns false for encoded javascript links', () => {
+    it.each([...relativeUrls, ...urlsWithoutHost, ...nonHttpUrls, ...encodedJavaScriptUrls])(
-      expect(
+      'returns false for %s',
-        isSafeURL(
+      url => {
-          '&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041',
+        expect(isSafeURL(url)).toBe(false);
-        ),
+      },
-      ).toBe(false);
+    );
-      expect(
-        isSafeURL(
-          '&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;',
-        ),
-      ).toBe(false);
-      expect(
-        isSafeURL(
-          '&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29',
-        ),
-      ).toBe(false);
-      expect(
-        isSafeURL(
-          '\\u006A\\u0061\\u0076\\u0061\\u0073\\u0063\\u0072\\u0069\\u0070\\u0074\\u003A\\u0061\\u006C\\u0065\\u0072\\u0074\\u0028\\u0027\\u0058\\u0053\\u0053\\u0027\\u0029',
-        ),
-      ).toBe(false);
-    });
  });
  describe('without URL constructor support', () => {
@@ -67,60 +51,15 @@ describe('isSafeUrl', () => {
      });
    });
-    it('returns true for absolute http(s) urls', () => {
+    it.each(absoluteUrls)('returns true for %s', url => {
-      expect(isSafeURL('http://example.org')).toBe(true);
+      expect(isSafeURL(url)).toBe(true);
-      expect(isSafeURL('http://example.org:8080')).toBe(true);
-      expect(isSafeURL('https://example.org')).toBe(true);
-      expect(isSafeURL('https://example.org:8080')).toBe(true);
-      expect(isSafeURL('https://192.168.1.1')).toBe(true);
    });
-    it('returns true for relative urls', () => {
+    it.each([...relativeUrls, ...urlsWithoutHost, ...nonHttpUrls, ...encodedJavaScriptUrls])(
-      expect(isSafeURL('./relative/link')).toBe(false);
+      'returns false for %s',
-      expect(isSafeURL('/relative/link')).toBe(false);
+      url => {
-      expect(isSafeURL('../relative/link')).toBe(false);
+        expect(isSafeURL(url)).toBe(false);
-    });
+      },
+    );
-    it('returns false for http(s) urls without host', () => {
-      expect(isSafeURL('http://')).toBe(false);
-      expect(isSafeURL('https://')).toBe(false);
-      expect(isSafeURL('https:https:https:')).toBe(false);
-    });
-    it('returns false for non http(s) links', () => {
-      expect(isSafeURL('javascript:')).toBe(false);
-      expect(isSafeURL('javascript:alert("XSS")')).toBe(false);
-      expect(isSafeURL('jav\tascript:alert("XSS");')).toBe(false);
-      expect(isSafeURL(' &#14;  javascript:alert("XSS");')).toBe(false);
-      expect(isSafeURL('ftp://192.168.1.1')).toBe(false);
-      expect(isSafeURL('file:///')).toBe(false);
-      expect(isSafeURL('file:///etc/hosts')).toBe(false);
-    });
-    it('returns false for encoded javascript links', () => {
-      expect(
-        isSafeURL(
-          '&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041',
-        ),
-      ).toBe(false);
-      expect(
-        isSafeURL(
-          '&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;',
-        ),
-      ).toBe(false);
-      expect(
-        isSafeURL(
-          '&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29',
-        ),
-      ).toBe(false);
-      expect(
-        isSafeURL(
-          '\\u006A\\u0061\\u0076\\u0061\\u0073\\u0063\\u0072\\u0069\\u0070\\u0074\\u003A\\u0061\\u006C\\u0065\\u0072\\u0074\\u0028\\u0027\\u0058\\u0053\\u0053\\u0027\\u0029',
-        ),
-      ).toBe(false);
-    });
  });
 });