technoduck.me / core
forked from tangled.org/core
Monorepo for Tangled
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

core / appview / state / login_test.go
at master 28 lines 674 B view raw
Matías Insaurralde appview/state: fix open redirect via return_url after OAuth login
1b29c32f
1package state 2 3import "testing" 4 5func TestSanitizeReturnURL(t *testing.T) { 6 cases := []struct { 7 input string 8 want string 9 }{ 10 {"/", "/"}, 11 {"/some/path", "/some/path"}, 12 {"/valid?query=1", "/valid?query=1"}, 13 {"/valid#anchor", "/valid#anchor"}, 14 // External URLs must be rejected. 15 {"https://evil.com", "/"}, 16 {"http://evil.com", "/"}, 17 // Protocol-relative URLs are treated as external by browsers. 18 {"//evil.com", "/"}, 19 {"//evil.com/phishing", "/"}, 20 // Empty string. 21 {"", "/"}, 22 } 23 for _, tc := range cases { 24 if got := sanitizeReturnURL(tc.input); got != tc.want { 25 t.Errorf("sanitizeReturnURL(%q) = %q, want %q", tc.input, got, tc.want) 26 } 27 } 28}