mirror of
https://github.com/discourse/discourse.git
synced 2024-12-15 19:03:40 +08:00
FIX: don't onebox to IP addresses
This commit is contained in:
parent
d20cbfb2b3
commit
9f3c38832e
|
@ -1,10 +1,12 @@
|
|||
require "ipaddr"
|
||||
|
||||
module Onebox
|
||||
module Engine
|
||||
class WhitelistedGenericOnebox
|
||||
|
||||
# overwrite the whitelist
|
||||
def self.===(other)
|
||||
true
|
||||
other.is_a?(URI) ? (IPAddr.new(other.hostname) rescue nil).nil? : true
|
||||
end
|
||||
|
||||
# ensure we're the last engine to be used
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
require 'rails_helper'
|
||||
|
||||
describe Onebox::Engine::WhitelistedGenericOnebox do
|
||||
|
||||
describe ".===" do
|
||||
|
||||
it "matches any domain" do
|
||||
expect(described_class === URI('http://foo.bar/resource')).to be(true)
|
||||
end
|
||||
|
||||
it "doesn't match an IP address" do
|
||||
expect(described_class === URI('http://1.2.3.4/resource')).to be(false)
|
||||
expect(described_class === URI('http://1.2.3.4:1234/resource')).to be(false)
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
Loading…
Reference in New Issue
Block a user