You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cordova.apache.org by sh...@apache.org on 2013/01/22 00:50:53 UTC

ios commit: Added whitelist unit test to check for query param matches

Updated Branches:
  refs/heads/master 725419c17 -> 0f84a09cc


Added whitelist unit test to check for query param matches


Project: http://git-wip-us.apache.org/repos/asf/cordova-ios/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-ios/commit/0f84a09c
Tree: http://git-wip-us.apache.org/repos/asf/cordova-ios/tree/0f84a09c
Diff: http://git-wip-us.apache.org/repos/asf/cordova-ios/diff/0f84a09c

Branch: refs/heads/master
Commit: 0f84a09cc889a216be9e9d082f912e16245804ca
Parents: 725419c
Author: Shazron Abdullah <sh...@apache.org>
Authored: Mon Jan 21 15:50:43 2013 -0800
Committer: Shazron Abdullah <sh...@apache.org>
Committed: Mon Jan 21 15:50:43 2013 -0800

----------------------------------------------------------------------
 CordovaLibTests/CDVWhitelistTests.m |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/0f84a09c/CordovaLibTests/CDVWhitelistTests.m
----------------------------------------------------------------------
diff --git a/CordovaLibTests/CDVWhitelistTests.m b/CordovaLibTests/CDVWhitelistTests.m
index c1bc757..172b62e 100644
--- a/CordovaLibTests/CDVWhitelistTests.m
+++ b/CordovaLibTests/CDVWhitelistTests.m
@@ -182,6 +182,18 @@
     STAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"http://apache.org"]], nil);
 }
 
+- (void)testNoMatchInQueryParam
+{
+    NSArray* allowedHosts = [NSArray arrayWithObjects:
+        @"www.apache.org",
+        nil];
+
+    CDVWhitelist* whitelist = [[CDVWhitelist alloc] initWithArray:allowedHosts];
+
+    STAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"www.malicious-site.org?url=http://www.apache.org"]], nil);
+    STAssertFalse([whitelist URLIsAllowed:[NSURL URLWithString:@"www.malicious-site.org?url=www.apache.org"]], nil);
+}
+
 - (void)testWildcardMix
 {
     NSArray* allowedHosts = [NSArray arrayWithObjects: