diff options
Diffstat (limited to 'routers/utils')
-rw-r--r-- | routers/utils/utils.go | 16 | ||||
-rw-r--r-- | routers/utils/utils_test.go | 34 |
2 files changed, 50 insertions, 0 deletions
diff --git a/routers/utils/utils.go b/routers/utils/utils.go index 64b132ff3e..7c845f8763 100644 --- a/routers/utils/utils.go +++ b/routers/utils/utils.go @@ -6,7 +6,10 @@ package utils import ( "html" + "net/url" "strings" + + "code.gitea.io/gitea/modules/setting" ) // RemoveUsernameParameterSuffix returns the username parameter without the (fullname) suffix - leaving just the username @@ -46,3 +49,16 @@ func SanitizeFlashErrorString(x string) string { return strings.Replace(html.EscapeString(x), "\n", "<br>", -1) } + +// IsExternalURL checks if rawURL points to an external URL like http://example.com +func IsExternalURL(rawURL string) bool { + parsed, err := url.Parse(rawURL) + if err != nil { + return true + } + appURL, _ := url.Parse(setting.AppURL) + if len(parsed.Host) != 0 && strings.Replace(parsed.Host, "www.", "", 1) != strings.Replace(appURL.Host, "www.", "", 1) { + return true + } + return false +} diff --git a/routers/utils/utils_test.go b/routers/utils/utils_test.go index d96e1d7d26..ec5e69862a 100644 --- a/routers/utils/utils_test.go +++ b/routers/utils/utils_test.go @@ -7,6 +7,7 @@ package utils import ( "testing" + "code.gitea.io/gitea/modules/setting" "github.com/stretchr/testify/assert" ) @@ -32,3 +33,36 @@ func TestIsValidSlackChannel(t *testing.T) { assert.Equal(t, v.expected, IsValidSlackChannel(v.channelName)) } } + +func TestIsExternalURL(t *testing.T) { + setting.AppURL = "https://try.gitea.io" + type test struct { + Expected bool + RawURL string + } + newTest := func(expected bool, rawURL string) test { + return test{Expected: expected, RawURL: rawURL} + } + for _, test := range []test{ + newTest(false, + "https://try.gitea.io"), + newTest(true, + "https://example.com/"), + newTest(true, + "//example.com"), + newTest(true, + "http://example.com"), + newTest(false, + "a/"), + newTest(false, + "https://try.gitea.io/test?param=false"), + newTest(false, + "test?param=false"), + newTest(false, + "//try.gitea.io/test?param=false"), + newTest(false, + "/hey/hey/hey#3244"), + } { + assert.Equal(t, test.Expected, IsExternalURL(test.RawURL)) + } +} |