You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by sh...@apache.org on 2013/01/22 00:50:53 UTC
ios commit: Added whitelist unit test to check for query param matches
Updated Branches:
refs/heads/master 725419c17 -> 0f84a09cc
Added whitelist unit test to check for query param matches
Project: http://git-wip-us.apache.org/repos/asf/cordova-ios/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-ios/commit/0f84a09c
Tree: http://git-wip-us.apache.org/repos/asf/cordova-ios/tree/0f84a09c
Diff: http://git-wip-us.apache.org/repos/asf/cordova-ios/diff/0f84a09c
Branch: refs/heads/master
Commit: 0f84a09cc889a216be9e9d082f912e16245804ca
Parents: 725419c
Author: Shazron Abdullah <sh...@apache.org>
Authored: Mon Jan 21 15:50:43 2013 -0800
Committer: Shazron Abdullah <sh...@apache.org>
Committed: Mon Jan 21 15:50:43 2013 -0800
----------------------------------------------------------------------
CordovaLibTests/CDVWhitelistTests.m | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/0f84a09c/CordovaLibTests/CDVWhitelistTests.m
----------------------------------------------------------------------
diff --git a/CordovaLibTests/CDVWhitelistTests.m b/CordovaLibTests/CDVWhitelistTests.m
index c1bc757..172b62e 100644
--- a/CordovaLibTests/CDVWhitelistTests.m
+++ b/CordovaLibTests/CDVWhitelistTests.m
@@ -182,6 +182,18 @@
STAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://apache.org"]], nil);
}
+- (void)testNoMatchInQueryParam
+{
+ NSArray* allowedHosts = [NSArray arrayWithObjects:
+ @"www.apache.org",
+ nil];
+
+ CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];
+
+ STAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"www.malicious-site.org?url=http://www.apache.org"]], nil);
+ STAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"www.malicious-site.org?url=www.apache.org"]], nil);
+}
+
- (void)testWildcardMix
{
NSArray* allowedHosts = [NSArray arrayWithObjects: