fix: Referer URL validation (#4309)

Fixes #354
2022-03-30 14:36:22 +05:30
parent bfe6324d9a
commit 24b20c10ce
6 changed files with 52 additions and 10 deletions
--- a/spec/helpers/url_helper_spec.rb
+++ b/spec/helpers/url_helper_spec.rb
@@ -0,0 +1,15 @@
+require 'rails_helper'
+
+describe UrlHelper, type: :helper do
+  describe '#url_valid' do
+    context 'when url valid called' do
+      it 'return if valid url passed' do
+        expect(helper.url_valid?('https://app.chatwoot.com/')).to eq true
+      end
+
+      it 'return false if invalid url passed' do
+        expect(helper.url_valid?('javascript:alert(document.cookie)')).to eq false
+      end
+    end
+  end
+end
--- a/spec/models/conversation_spec.rb
+++ b/spec/models/conversation_spec.rb
@@ -525,4 +525,20 @@ RSpec.describe Conversation, type: :model do
      expect { notification.reload }.to raise_error ActiveRecord::RecordNotFound
    end
  end
+
+  describe 'validate invalid referer url' do
+    let(:conversation) { create(:conversation, additional_attributes: { referer: 'javascript' }) }
+
+    it 'returns nil' do
+      expect(conversation['additional_attributes']['referer']).to eq(nil)
+    end
+  end
+
+  describe 'validate valid referer url' do
+    let(:conversation) { create(:conversation, additional_attributes: { referer: 'https://www.chatwoot.com/' }) }
+
+    it 'returns nil' do
+      expect(conversation['additional_attributes']['referer']).to eq('https://www.chatwoot.com/')
+    end
+  end
 end