310 lines
12 KiB
JavaScript
310 lines
12 KiB
JavaScript
// Copyright 2019-2020 Signal Messenger, LLC
|
||
// SPDX-License-Identifier: AGPL-3.0-only
|
||
|
||
const { assert } = require('chai');
|
||
|
||
const {
|
||
findLinks,
|
||
isLinkSafeToPreview,
|
||
isLinkSneaky,
|
||
} = require('../../js/modules/link_previews');
|
||
|
||
describe('Link previews', () => {
|
||
describe('#isLinkSafeToPreview', () => {
|
||
it('returns false for invalid URLs', () => {
|
||
assert.isFalse(isLinkSafeToPreview(''));
|
||
assert.isFalse(isLinkSafeToPreview('https'));
|
||
assert.isFalse(isLinkSafeToPreview('https://'));
|
||
assert.isFalse(isLinkSafeToPreview('https://bad url'));
|
||
assert.isFalse(isLinkSafeToPreview('example.com'));
|
||
});
|
||
|
||
it('returns false for non-HTTPS URLs', () => {
|
||
assert.isFalse(isLinkSafeToPreview('http://example.com'));
|
||
assert.isFalse(isLinkSafeToPreview('ftp://example.com'));
|
||
assert.isFalse(isLinkSafeToPreview('file://example'));
|
||
});
|
||
|
||
it('returns false if the link is "sneaky"', () => {
|
||
// See `isLinkSneaky` tests below for more thorough checking.
|
||
assert.isFalse(isLinkSafeToPreview('https://user:pass@example.com'));
|
||
assert.isFalse(isLinkSafeToPreview('https://aquí.example'));
|
||
assert.isFalse(isLinkSafeToPreview('https://aqu%C3%AD.example'));
|
||
});
|
||
|
||
it('returns true for "safe" urls', () => {
|
||
assert.isTrue(isLinkSafeToPreview('https://example.com'));
|
||
assert.isTrue(
|
||
isLinkSafeToPreview('https://example.com/foo/bar?query=string#hash')
|
||
);
|
||
});
|
||
});
|
||
|
||
describe('#findLinks', () => {
|
||
it('returns all links if no caretLocation is provided', () => {
|
||
const text =
|
||
'Check out this link: https://github.com/signalapp/Signal-Desktop\nAnd this one too: https://github.com/signalapp/Signal-Android';
|
||
|
||
const expected = [
|
||
'https://github.com/signalapp/Signal-Desktop',
|
||
'https://github.com/signalapp/Signal-Android',
|
||
];
|
||
|
||
const actual = findLinks(text);
|
||
assert.deepEqual(expected, actual);
|
||
});
|
||
|
||
it('includes all links if cursor is not in a link', () => {
|
||
const text =
|
||
'Check out this link: https://github.com/signalapp/Signal-Desktop\nAnd this one too: https://github.com/signalapp/Signal-Android';
|
||
const caretLocation = 10;
|
||
|
||
const expected = [
|
||
'https://github.com/signalapp/Signal-Desktop',
|
||
'https://github.com/signalapp/Signal-Android',
|
||
];
|
||
|
||
const actual = findLinks(text, caretLocation);
|
||
assert.deepEqual(expected, actual);
|
||
});
|
||
|
||
it('excludes a link not at the end if the caret is inside of it', () => {
|
||
const text =
|
||
'Check out this link: https://github.com/signalapp/Signal-Desktop\nAnd this one too: https://github.com/signalapp/Signal-Android';
|
||
const caretLocation = 30;
|
||
|
||
const expected = ['https://github.com/signalapp/Signal-Android'];
|
||
|
||
const actual = findLinks(text, caretLocation);
|
||
assert.deepEqual(expected, actual);
|
||
});
|
||
|
||
it('excludes a link not at the end if the caret is at its end', () => {
|
||
const text =
|
||
'Check out this link: https://github.com/signalapp/Signal-Desktop\nAnd this one too: https://github.com/signalapp/Signal-Android';
|
||
const caretLocation = 64;
|
||
|
||
const expected = ['https://github.com/signalapp/Signal-Android'];
|
||
|
||
const actual = findLinks(text, caretLocation);
|
||
assert.deepEqual(expected, actual);
|
||
});
|
||
|
||
it('excludes a link at the end of the caret is inside of it', () => {
|
||
const text =
|
||
'Check out this link: https://github.com/signalapp/Signal-Desktop\nAnd this one too: https://github.com/signalapp/Signal-Android';
|
||
const caretLocation = 100;
|
||
|
||
const expected = ['https://github.com/signalapp/Signal-Desktop'];
|
||
|
||
const actual = findLinks(text, caretLocation);
|
||
assert.deepEqual(expected, actual);
|
||
});
|
||
|
||
it('includes link at the end if cursor is at its end', () => {
|
||
const text =
|
||
'Check out this link: https://github.com/signalapp/Signal-Desktop\nAnd this one too: https://github.com/signalapp/Signal-Android';
|
||
const caretLocation = text.length;
|
||
|
||
const expected = [
|
||
'https://github.com/signalapp/Signal-Desktop',
|
||
'https://github.com/signalapp/Signal-Android',
|
||
];
|
||
|
||
const actual = findLinks(text, caretLocation);
|
||
assert.deepEqual(expected, actual);
|
||
});
|
||
});
|
||
|
||
describe('#isLinkSneaky', () => {
|
||
it('returns true for =', () => {
|
||
const link = 'r.id=s.id';
|
||
assert.strictEqual(isLinkSneaky(link), true);
|
||
});
|
||
|
||
it('returns true for $', () => {
|
||
const link = 'r.id$s.id';
|
||
assert.strictEqual(isLinkSneaky(link), true);
|
||
});
|
||
|
||
it('returns true for +', () => {
|
||
const link = 'r.id+s.id';
|
||
assert.strictEqual(isLinkSneaky(link), true);
|
||
});
|
||
|
||
it('returns true for ^', () => {
|
||
const link = 'r.id^s.id';
|
||
assert.strictEqual(isLinkSneaky(link), true);
|
||
});
|
||
|
||
it('returns true for URLs with a length of 4097 or higher', () => {
|
||
const href = `https://example.com/${'a'.repeat(4077)}`;
|
||
assert.lengthOf(href, 4097, 'Test href is not the proper length');
|
||
|
||
assert.isTrue(isLinkSneaky(href));
|
||
assert.isTrue(isLinkSneaky(`${href}?foo=bar`));
|
||
});
|
||
|
||
describe('auth', () => {
|
||
it('returns true for hrefs with auth (or pretend auth)', () => {
|
||
assert.isTrue(isLinkSneaky('https://user:pass@example.com'));
|
||
assert.isTrue(isLinkSneaky('https://user:@example.com'));
|
||
assert.isTrue(isLinkSneaky('https://:pass@example.com'));
|
||
assert.isTrue(
|
||
isLinkSneaky('http://whatever.com&login=someuser@77777777')
|
||
);
|
||
});
|
||
});
|
||
|
||
describe('domain', () => {
|
||
it('returns false for all-latin domain', () => {
|
||
const link = 'https://www.amazon.com';
|
||
const actual = isLinkSneaky(link);
|
||
assert.strictEqual(actual, false);
|
||
});
|
||
|
||
it('returns false for IPv4 addresses', () => {
|
||
assert.isFalse(isLinkSneaky('https://127.0.0.1/path'));
|
||
});
|
||
|
||
// It's possible that this should return `false` but we'd need to add special logic
|
||
// for it.
|
||
it('returns true for IPv6 addresses', () => {
|
||
assert.isTrue(
|
||
isLinkSneaky('https://[2001:0db8:85a3:0000:0000:8a2e:0370:7334]/path')
|
||
);
|
||
assert.isTrue(isLinkSneaky('https://[::]/path'));
|
||
});
|
||
|
||
it('returns true for Latin + Cyrillic domain', () => {
|
||
const link = 'https://www.aмazon.com';
|
||
const actual = isLinkSneaky(link);
|
||
assert.strictEqual(actual, true);
|
||
});
|
||
|
||
it('returns true for Latin + Greek domain', () => {
|
||
const link = 'https://www.αpple.com';
|
||
const actual = isLinkSneaky(link);
|
||
assert.strictEqual(actual, true);
|
||
});
|
||
|
||
it('returns true for ASCII and non-ASCII mix', () => {
|
||
const link = 'https://www.аррӏе.com';
|
||
const actual = isLinkSneaky(link);
|
||
assert.strictEqual(actual, true);
|
||
});
|
||
|
||
it('returns true for Latin + High Greek domain', () => {
|
||
const link = `https://www.apple${String.fromCodePoint(0x101a0)}.com`;
|
||
const actual = isLinkSneaky(link);
|
||
assert.strictEqual(actual, true);
|
||
});
|
||
|
||
it("returns true if the domain doesn't contain a .", () => {
|
||
assert.isTrue(isLinkSneaky('https://example'));
|
||
assert.isTrue(isLinkSneaky('https://localhost'));
|
||
assert.isTrue(isLinkSneaky('https://localhost:3000'));
|
||
});
|
||
|
||
it('returns true if the domain has any empty labels', () => {
|
||
assert.isTrue(isLinkSneaky('https://example.'));
|
||
assert.isTrue(isLinkSneaky('https://example.com.'));
|
||
assert.isTrue(isLinkSneaky('https://.example.com'));
|
||
assert.isTrue(isLinkSneaky('https://..example.com'));
|
||
});
|
||
|
||
it('returns true if the domain is longer than 2048 UTF-16 code points', () => {
|
||
const domain = `${'a'.repeat(2041)}.example`;
|
||
assert.lengthOf(domain, 2049, 'Test domain is the incorrect length');
|
||
const link = `https://${domain}/foo/bar`;
|
||
assert.isTrue(isLinkSneaky(link));
|
||
});
|
||
});
|
||
|
||
describe('pathname', () => {
|
||
it('returns false for no pathname', () => {
|
||
assert.isFalse(isLinkSneaky('https://example.com'));
|
||
assert.isFalse(isLinkSneaky('https://example.com/'));
|
||
});
|
||
|
||
it('returns false if the pathname contains valid characters', () => {
|
||
assert.isFalse(isLinkSneaky('https://example.com/foo'));
|
||
assert.isFalse(isLinkSneaky('https://example.com/foo/bar'));
|
||
assert.isFalse(
|
||
isLinkSneaky("https://example.com/:/[]@!$&'()*+,;=abc123-._~%")
|
||
);
|
||
assert.isFalse(
|
||
isLinkSneaky(
|
||
'https://lbry.tv/@ScammerRevolts:b0/DELETING-EVERY-FILE-OFF-A-SCAMMERS-LAPTOP-Destroyed:1'
|
||
)
|
||
);
|
||
});
|
||
|
||
it('returns true if the pathname contains invalid characters', () => {
|
||
assert.isTrue(isLinkSneaky('https://example.com/hello world'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/aquí-está'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/hello\x00world'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/hello\nworld'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/hello😈world'));
|
||
});
|
||
});
|
||
|
||
describe('query string', () => {
|
||
it('returns false for no query', () => {
|
||
assert.isFalse(isLinkSneaky('https://example.com/foo'));
|
||
assert.isFalse(isLinkSneaky('https://example.com/foo?'));
|
||
});
|
||
|
||
it('returns false if the query string contains valid characters', () => {
|
||
assert.isFalse(isLinkSneaky('https://example.com/foo?bar'));
|
||
assert.isFalse(isLinkSneaky('https://example.com/foo?bar=baz'));
|
||
assert.isFalse(
|
||
isLinkSneaky(
|
||
"https://example.com/foo?bar=:/[]@!$&'()*+,;=abc123-._~%"
|
||
)
|
||
);
|
||
assert.isFalse(
|
||
isLinkSneaky(
|
||
"https://example.com/foo?:/[]@!$&'()*+,;=abc123-._~%=baz"
|
||
)
|
||
);
|
||
});
|
||
|
||
it('returns true if the query string contains invalid characters', () => {
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo?bar baz'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo?bar baz=qux'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo?bar=baz qux'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo?aquí=está'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo?hello=\x00world'));
|
||
assert.isTrue(
|
||
isLinkSneaky('https://example.com/foo?hello=hello\nworld')
|
||
);
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo?hello=😈world'));
|
||
});
|
||
});
|
||
|
||
describe('hash', () => {
|
||
it('returns false for no hash', () => {
|
||
assert.isFalse(isLinkSneaky('https://example.com/foo'));
|
||
assert.isFalse(isLinkSneaky('https://example.com/foo#'));
|
||
});
|
||
|
||
it('returns false if the hash contains valid characters', () => {
|
||
assert.isFalse(isLinkSneaky('https://example.com/foo#bar'));
|
||
assert.isFalse(
|
||
isLinkSneaky("https://example.com/foo#:/[]@!$&'()*+,;=abc123-._~%")
|
||
);
|
||
});
|
||
|
||
it('returns true if the hash contains invalid characters', () => {
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo#bar baz'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo#bar baz=qux'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo#bar=baz qux'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo#aquí_está'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo#hello\x00world'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo#hello\nworld'));
|
||
assert.isTrue(isLinkSneaky('https://example.com/foo#hello😈world'));
|
||
});
|
||
});
|
||
});
|
||
});
|