marcel/linkding
1
0
Fork 0
mirror of https://github.com/sissbruecker/linkding.git synced 2025-08-12 21:19:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Prevent external redirects

Browse Source
This commit is contained in:
Sascha Ißbrücker
2022-03-25 18:29:54 +01:00
parent 1ffc3e0266
commit edb71286e7
11 changed files with 94 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
bookmarks/tests/test_bookmark_bulk_edit_view.py
View File

@@ -220,3 +220,29 @@ class BookmarkBulkEditViewTestCase(TestCase, BookmarkFactoryMixin):
})
self.assertBookmarksAreUnmodified([bookmark1, bookmark2, bookmark3])
def test_bulk_edit_should_redirect_to_return_url(self):
bookmark1 = self.setup_bookmark()
bookmark2 = self.setup_bookmark()
bookmark3 = self.setup_bookmark()
url = reverse('bookmarks:bulk_edit') + '?return_url=' + reverse('bookmarks:settings.index')
response = self.client.post(url, {
'bulk_archive': [''],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
})
self.assertRedirects(response, reverse('bookmarks:settings.index'))
def test_bulk_edit_should_not_redirect_to_external_url(self):
bookmark1 = self.setup_bookmark()
bookmark2 = self.setup_bookmark()
bookmark3 = self.setup_bookmark()
url = reverse('bookmarks:bulk_edit') + '?return_url=https://example.com'
response = self.client.post(url, {
'bulk_archive': [''],
'bookmark_id': [str(bookmark1.id), str(bookmark2.id), str(bookmark3.id)],
})
self.assertRedirects(response, reverse('bookmarks:index'))