diff options
| author | James Edwards-Jones <jedwardsjones@gitlab.com> | 2018-12-05 20:14:09 +0000 |
|---|---|---|
| committer | James Edwards-Jones <jedwardsjones@gitlab.com> | 2018-12-06 15:18:18 +0000 |
| commit | 72c00594070dfd1a778c2e03ff400b478e6c3774 (patch) | |
| tree | d8fd26536ef6c5e4a2e3ef02ea7785537d34d93b /spec/validators | |
| parent | 8cd5004b350ef342f66956c11272dad1328f6526 (diff) | |
| download | gitlab-ce-72c00594070dfd1a778c2e03ff400b478e6c3774.tar.gz | |
Allow URLs to be validated as ascii_only
Restricts unicode characters and IDNA deviations
which could be used in a phishing attack
Diffstat (limited to 'spec/validators')
| -rw-r--r-- | spec/validators/url_validator_spec.rb | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/spec/validators/url_validator_spec.rb b/spec/validators/url_validator_spec.rb index 082d09d3f16..f3f3386382f 100644 --- a/spec/validators/url_validator_spec.rb +++ b/spec/validators/url_validator_spec.rb @@ -143,4 +143,33 @@ describe UrlValidator do end end end + + context 'when ascii_only is' do + let(:url) { 'https://𝕘itⅼαƄ.com/foo/foo.bar'} + let(:validator) { described_class.new(attributes: [:link_url], ascii_only: ascii_only) } + + context 'true' do + let(:ascii_only) { true } + + it 'prevents unicode characters' do + badge.link_url = url + + subject + + expect(badge.errors.empty?).to be false + end + end + + context 'false (default)' do + let(:ascii_only) { false } + + it 'does not prevent unicode characters' do + badge.link_url = url + + subject + + expect(badge.errors.empty?).to be true + end + end + end end |