IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: whitelist oneboxed iframes

Browse Source
This commit is contained in:
Régis Hanol
2017-12-23 01:56:33 +01:00
parent b74e933cfb
commit d6b22e6cc1
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
spec/components/onebox/engine/whitelisted_generic_onebox_spec.rb
View File

@@ -15,4 +15,32 @@ describe Onebox::Engine::WhitelistedGenericOnebox do
end
it "whitelists iframes" do
whitelisted_body = '<html><head><link rel="alternate" type="application/json+oembed" href="https://whitelist.ed/iframes.json" />'
blacklisted_body = '<html><head><link rel="alternate" type="application/json+oembed" href="https://blacklist.ed/iframes.json" />'
whitelisted_oembed = {
type: "rich",
height: "100",
html: "<iframe src='https://ifram.es/foo/bar'></iframe>"
}
blacklisted_oembed = {
type: "rich",
height: "100",
html: "<iframe src='https://malicious/discourse.org/'></iframe>"
}
stub_request(:get, "https://blacklist.ed/iframes").to_return(status: 200, body: blacklisted_body)
stub_request(:get, "https://blacklist.ed/iframes.json").to_return(status: 200, body: blacklisted_oembed.to_json)
stub_request(:get, "https://whitelist.ed/iframes").to_return(status: 200, body: whitelisted_body)
stub_request(:get, "https://whitelist.ed/iframes.json").to_return(status: 200, body: whitelisted_oembed.to_json)
SiteSetting.allowed_iframes = "discourse.org|https://ifram.es"
expect(Onebox.preview("https://blacklist.ed/iframes").to_s).to be_empty
expect(Onebox.preview("https://whitelist.ed/iframes").to_s).to match("iframe src")
end
end