require 'spec_helper'
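# Shared expectations for any anchor the filter is expected to treat as
# external.
#
# The including context must define `doc` (via `let`) as the filtered
# document; the first <a> element in it is the link under test.
#
# Each value is looked up in the whitespace-separated rel token list rather
# than in the raw attribute string. String#include? is a substring test, so
# it would also accept a value such as rel="xnofollow", which is not the
# nofollow token. Assumes the filter writes rel as a space-separated list,
# as HTML defines it.
shared_examples 'an external link with rel attribute' do
  it 'adds rel="nofollow" to external links' do
    expect(doc.at_css('a')).to have_attribute('rel')
    expect(doc.at_css('a')['rel'].split).to include 'nofollow'
  end

  it 'adds rel="noreferrer" to external links' do
    expect(doc.at_css('a')).to have_attribute('rel')
    expect(doc.at_css('a')['rel'].split).to include 'noreferrer'
  end

  # noopener keeps the opened page from reaching back through window.opener.
  it 'adds rel="noopener" to external links' do
    expect(doc.at_css('a')).to have_attribute('rel')
    expect(doc.at_css('a')['rel'].split).to include 'noopener'
  end
end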
# Specs for the filter that marks external links with a rel attribute.
#
# `filter` is presumably provided by FilterSpecHelper (not visible here) and
# returns a document responding to `to_html` and `at_css`.
describe Banzai::Filter::ExternalLinkFilter do
  include FilterSpecHelper

  # The first three examples pin pass-through behaviour: the markup must come
  # back unchanged, i.e. no rel attribute is added.
  it 'ignores elements without an href attribute' do
    html = '<a id="ignored">Ignore Me</a>'

    expect(filter(html).to_html).to eq html
  end

  it 'ignores non-HTTP(S) links' do
    html = '<a href="irc://irc.freenode.net/gitlab">IRC</a>'

    expect(filter(html).to_html).to eq html
  end

  it 'skips internal links' do
    base_url = Gitlab.config.gitlab.url
    html = %(<a href="#{base_url}/sign_in">Login</a>)

    expect(filter(html).to_html).to eq html
  end

  context 'for root links on document' do
    let(:doc) { filter('<a href="https://google.com/">Google</a>') }

    it_behaves_like 'an external link with rel attribute'
  end

  context 'for nested links on document' do
    let(:doc) { filter('<p><a href="https://google.com/">Google</a></p>') }

    it_behaves_like 'an external link with rel attribute'
  end

  context 'for invalid urls' do
    # The href comes back with its spaces percent-encoded and without a rel
    # attribute; the input is chosen so that a parse failure would surface.
    it 'skips broken hrefs' do
      html = %q(<p><a href="don't crash on broken urls">Google</a></p>)
      escaped = %q(<p><a href="don't%20crash%20on%20broken%20urls">Google</a></p>)

      expect(filter(html).to_html).to eq(escaped)
    end

    # "mailto://" is not a well-formed mailto URI; the markup is expected to
    # pass through untouched.
    it 'skips improperly formatted mailtos' do
      html = '<p><a href="mailto://jblogs@example.com">Email</a></p>'

      expect(filter(html).to_html).to eq(html)
    end
  end

  context 'for links with a username' do
    context 'with a valid username' do
      let(:doc) { filter('<a href="https://user@google.com/">Google</a>') }

      it_behaves_like 'an external link with rel attribute'
    end

    # The GitLab URL sits in the userinfo part (before "@"), so the link still
    # points at example.com and must be classified as external. With
    # target="_blank" the rel tokens are what guard against reverse tabnabbing.
    context 'with an impersonated username' do
      let(:internal) { Gitlab.config.gitlab.url }

      let(:doc) do
        filter(%(<a href="https://#{internal}@example.com" target="_blank">Reverse Tabnabbing</a>))
      end

      it_behaves_like 'an external link with rel attribute'
    end
  end

  # Scheme matching must not depend on letter case; otherwise a mixed-case
  # scheme would let an external link through without rel.
  context 'for non-lowercase scheme links' do
    context 'with http' do
      let(:doc) { filter('<p><a href="httP://google.com/">Google</a></p>') }

      it_behaves_like 'an external link with rel attribute'
    end

    context 'with https' do
      let(:doc) { filter('<p><a href="hTTpS://google.com/">Google</a></p>') }

      it_behaves_like 'an external link with rel attribute'
    end

    # The expected markup carries the configured URL as-is, so the mixed-case
    # scheme is normalised on output and no rel attribute is added.
    it 'skips internal links' do
      sign_in_url = "#{Gitlab.config.gitlab.url}/sign_in"
      # \A can only match at the start of the string, so sub and gsub agree.
      mixed_case_url = sign_in_url.sub(/\Ahttp/, 'HtTp')
      html = %(<a href="#{mixed_case_url}">Login</a>)
      normalised = %(<a href="#{sign_in_url}">Login</a>)

      expect(filter(html).to_html).to eq(normalised)
    end

    # A relative path that merely begins with "http" must not be mistaken for
    # an absolute HTTP URL.
    it 'skips relative links' do
      html = '<a href="http_spec/foo.rb">Relative URL</a>'

      expect(filter(html).to_html).to eq(html)
    end
  end

  # "//host/" inherits the page's scheme and still leaves the site.
  context 'for protocol-relative links' do
    let(:doc) { filter('<p><a href="//google.com/">Google</a></p>') }

    it_behaves_like 'an external link with rel attribute'
  end
end