Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: origins_to_regexes should always return an array (#15589) 

If the SiteSetting `allowed_onebox_iframes` contains a value of `*`, it will use the values of `all_iframe_origins` during the Oneboxing process. If `all_iframe_origins` itself contains a value of `*`, `origins_to_regexes` will try to return a "catch-all" regex.

Other code assumes `origins_to_regexes`will return an array, so this change ensures the `*` case will return an array containing only the catch-all regex.
This commit is contained in:
jbrw 2022-01-17 12:48:41 -05:00 committed by GitHub
parent ed2f700440
commit 2909b8b820
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/onebox/engine.rb
View File

@ -17,7 +17,8 @@ module Onebox
end
def self.origins_to_regexes(origins)
return /.*/ if origins.include?("*")
return [/.*/] if origins.include?("*")
origins.map do |origin|
escaped_origin = Regexp.escape(origin)
if origin.start_with?("*.", "https://*.", "http://*.")

12
spec/lib/onebox/engine_spec.rb
View File

@ -50,6 +50,18 @@ describe Onebox::Engine do
end
end
describe "origins_to_regexes" do
it "converts URLs to regexes" do
result = Onebox::Engine.origins_to_regexes(["https://example.com", "https://example2.com"])
expect(result).to eq([/\Ahttps:\/\/example\.com/i, /\Ahttps:\/\/example2\.com/i])
end
it "treats '*' as a catch-all" do
result = Onebox::Engine.origins_to_regexes(["https://example.com", "*", "https://example2.com"])
expect(result).to eq([/.*/])
end
end
describe "handles_content_type?" do
class OneboxEngineImages
include Onebox::Engine