Permalink
Browse files
Merge pull request #11006 from brave/fix/homepage-homograph
fix homepage punycode display bypass
- Loading branch information...
Showing
with
16 additions
and
2 deletions.
-
+1
−1
js/lib/urlutil.js
-
+11
−0
test/about/preferencesTest.js
-
+4
−1
test/unit/lib/urlutilTest.js
|
|
@@ -354,7 +354,7 @@ const UrlUtil = { |
|
|
|
parsed.hostname = punycode.toASCII(parsed.hostname) |
|
|
|
return urlFormat(parsed) |
|
|
|
} catch (e) { |
|
|
|
return url |
|
|
|
return punycode.toASCII(url) |
|
|
|
} |
|
|
|
}, |
|
|
|
|
|
|
|
|
|
@@ -35,6 +35,17 @@ describe('General Panel', function () { |
|
|
|
.waitForInputText(homepageInput, 'https://www.brave.xn--com-8cd/') |
|
|
|
}) |
|
|
|
|
|
|
|
it('homepage displays punycode without HTTP prefix', function * () { |
|
|
|
yield this.app.client |
|
|
|
.tabByIndex(0) |
|
|
|
.loadUrl(prefsUrl) |
|
|
|
.waitForVisible(homepageInput) |
|
|
|
.click(homepageInput) |
|
|
|
.keys(Array.apply(null, Array(50)).map(() => Brave.keys.BACKSPACE)) |
|
|
|
.keys('а') |
|
|
|
.waitForInputText(homepageInput, 'xn--80a') |
|
|
|
}) |
|
|
|
|
|
|
|
it('homepage can be backspaced', function * () { |
|
|
|
yield this.app.client |
|
|
|
.tabByIndex(0) |
|
|
|
|
|
@@ -280,9 +280,12 @@ describe('urlutil', function () { |
|
|
|
}) |
|
|
|
|
|
|
|
describe('getPunycodeUrl', function () { |
|
|
|
it('returns empty string if input is not a URL', function () { |
|
|
|
it('returns original string if input is ASCII', function () { |
|
|
|
assert.equal(urlUtil.getPunycodeUrl('invalid-url-goes-here'), 'invalid-url-goes-here') |
|
|
|
}) |
|
|
|
it('returns punycode ASCII string if input is non-ASCII', function () { |
|
|
|
assert.equal(urlUtil.getPunycodeUrl('ebаy.com'), 'xn--eby-7cd.com') |
|
|
|
}) |
|
|
|
it('returns the punycode URL when given a valid URL', function () { |
|
|
|
assert.equal(urlUtil.getPunycodeUrl('http://brave:brave@ebаy.com:1234/brave#brave'), 'http://brave:brave@xn--eby-7cd.com:1234/brave#brave') |
|
|
|
}) |
|
|
|
0 comments on commit
f2e438d