From 53129e9cc7eb1c4f55b44a14adc91da23c7be85b Mon Sep 17 00:00:00 2001 From: Michał Gołębiowski-Owczarek Date: Wed, 26 Mar 2025 14:25:24 +0100 Subject: Tabs: Support URL-based credentials When credentials are provided directly in the URL, e.g.: https://username:password@www.example.com/ `location.href` strips out the auth part, but anchor links contain them, making our `isLocal` computation broken. This fixes it by only looking at `origin`, `pathname` & `search`. Fixes gh-2213 Closes gh-2345 --- tests/unit/tabs/core.js | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'tests/unit') diff --git a/tests/unit/tabs/core.js b/tests/unit/tabs/core.js index c2fd89048..f7515f585 100644 --- a/tests/unit/tabs/core.js +++ b/tests/unit/tabs/core.js @@ -747,4 +747,30 @@ QUnit.test( "extra listeners created when tabs are added/removed (trac-15136)", "No extra listeners after removing all the extra tabs" ); } ); +QUnit.test( "URL-based auth with local tabs (gh-2213)", function( assert ) { + assert.expect( 1 ); + + var origAjax = $.ajax, + element = $( "#tabs1" ), + anchor = element.find( "a[href='#fragment-3']" ), + url = new URL( anchor.prop( "href" ) ); + + try { + $.ajax = function() { + throw new Error( "Unexpected AJAX call; all tabs are local!" ); + }; + + anchor.attr( "href", url.protocol + "//username:password@" + url.host + + url.pathname + url.search + url.hash ); + + element.tabs(); + anchor.trigger( "click" ); + + assert.strictEqual( element.tabs( "option", "active" ), 2, + "should set the active option" ); + } finally { + $.ajax = origAjax; + } +} ); + } ); -- cgit v1.2.3