Mark links with a password as "sneaky"

2021-04-28 15:19:32 -05:00 · 2021-04-28 15:19:32 -05:00 · a5fde38c98
commit a5fde38c98
parent bf6487c5b9
2 changed files with 3 additions and 1 deletions
--- a/js/modules/link_previews.js
+++ b/js/modules/link_previews.js
@ -117,7 +117,7 @@ function isLinkSneaky(href) {
  }

  // Any links which contain auth are considered sneaky
-  if (url.username) {
+  if (url.username || url.password) {
    return true;
  }

--- a/test/modules/link_previews_test.js
+++ b/test/modules/link_previews_test.js
@ -148,6 +148,8 @@ describe('Link previews', () => {
    describe('auth', () => {
      it('returns true for hrefs with auth (or pretend auth)', () => {
        assert.isTrue(isLinkSneaky('https://user:pass@example.com'));
+        assert.isTrue(isLinkSneaky('https://user:@example.com'));
+        assert.isTrue(isLinkSneaky('https://:pass@example.com'));
        assert.isTrue(
          isLinkSneaky('http://whatever.com&login=someuser@77777777')
        );