marcel/linkding
1
0
Fork 0
mirror of https://github.com/sissbruecker/linkding.git synced 2025-08-12 21:19:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Prevent external redirects

Browse Source
This commit is contained in:
Sascha Ißbrücker
2022-03-25 18:29:54 +01:00
parent 1ffc3e0266
commit edb71286e7
11 changed files with 94 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
bookmarks/tests/test_bookmark_archive_view.py
View File

@@ -44,3 +44,12 @@ class BookmarkArchiveViewTestCase(TestCase, BookmarkFactoryMixin):
self.assertEqual(response.status_code, 404)
self.assertFalse(bookmark.is_archived)
def test_should_not_redirect_to_external_url(self):
bookmark = self.setup_bookmark()
response = self.client.get(
reverse('bookmarks:archive', args=[bookmark.id]) + '?return_url=https://example.com'
)
self.assertRedirects(response, reverse('bookmarks:index'))