mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-21 07:55:00 +00:00
07e62a213b
Django has updated the is_safe_url() method that we based our implementation on. It is now called url_has_allowed_host_and_scheme(). Our implementation remains simple as we don't allow any hostname or scheme to be set. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
37 lines
760 B
Python
37 lines
760 B
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""
|
|
Tests for common FreedomBox views.
|
|
"""
|
|
|
|
import pytest
|
|
|
|
from plinth.views import is_safe_url
|
|
|
|
|
|
@pytest.mark.parametrize('url', [
|
|
'/plinth/login/',
|
|
'/',
|
|
'safe',
|
|
])
|
|
def test_is_safe_url_valid_url(url):
|
|
"""Test valid URLs for safe URL checks."""
|
|
assert is_safe_url(url)
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
'url',
|
|
[
|
|
'',
|
|
None,
|
|
'\\plinth',
|
|
'///plinth',
|
|
'https://example.com/plinth/login/',
|
|
'https:///example.com',
|
|
'https:///plinth/login',
|
|
'ftp://example.com',
|
|
'https://[aabb::ccdd', # Invalid IPv6
|
|
])
|
|
def test_is_safe_url_invalid_url(url):
|
|
"""Test invalid URLs for safe URL checks."""
|
|
assert not is_safe_url(url)
|