2022-09-18 02:22:19 +00:00
import { shell } from 'electron' ;
jest . mock ( './windowHelpers' ) ;
2021-05-22 03:41:13 +00:00
import {
2022-09-18 02:22:19 +00:00
cleanupPlainText ,
2021-05-22 03:41:13 +00:00
getCounterValue ,
2022-09-18 02:22:19 +00:00
linkIsInternal ,
openExternal ,
2021-05-22 03:41:13 +00:00
removeUserAgentSpecifics ,
} from './helpers' ;
2022-09-18 02:22:19 +00:00
import { showNavigationBlockedMessage } from './windowHelpers' ;
2018-05-27 21:18:59 +00:00
const internalUrl = 'https://medium.com/' ;
Fix considering "same domain-ish" URLs as internal (PR #1126)
In 6b266b78150, as I got rid of deprecated dep `wurl`, I wrote:
> This one may be problematic, as it used to do TLD stuff:
> https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
>
> So, the new WHATWG-URL-based implementation will consider
> `asana.com` to be "external" to `app.asana.com`, contrarily to before.
> Given the nature of Nativefier, I think it's actually what to expect,
> that in this case you're "out of the app", and in e.g. asana's landing
> page, which you'd expect to see in your browser.
Turns out it's even more problematic: @TheCleric notices in https://github.com/nativefier/nativefier/pull/1124#issuecomment-790279403
that this breaks app `https://evernote.com` doing its login in `www.evernote.com`
The present change fixes this, by behaving mostly similarly to before,
but without re-introducing `wurl` or another dep needing a TLD/SLD list.
2021-03-04 15:00:53 +00:00
const internalUrlWww = 'https://www.medium.com/' ;
2022-02-06 22:49:30 +00:00
const internalUrlSubPathRegex = /https:\/\/www.medium.com\/.*/ ;
Fix considering "same domain-ish" URLs as internal (PR #1126)
In 6b266b78150, as I got rid of deprecated dep `wurl`, I wrote:
> This one may be problematic, as it used to do TLD stuff:
> https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
>
> So, the new WHATWG-URL-based implementation will consider
> `asana.com` to be "external" to `app.asana.com`, contrarily to before.
> Given the nature of Nativefier, I think it's actually what to expect,
> that in this case you're "out of the app", and in e.g. asana's landing
> page, which you'd expect to see in your browser.
Turns out it's even more problematic: @TheCleric notices in https://github.com/nativefier/nativefier/pull/1124#issuecomment-790279403
that this breaks app `https://evernote.com` doing its login in `www.evernote.com`
The present change fixes this, by behaving mostly similarly to before,
but without re-introducing `wurl` or another dep needing a TLD/SLD list.
2021-03-04 15:00:53 +00:00
const sameBaseDomainUrl = 'https://app.medium.com/' ;
const internalUrlCoUk = 'https://medium.co.uk/' ;
2021-04-30 11:52:58 +00:00
const differentBaseDomainUrlCoUk = 'https://other.domain.co.uk/' ;
2021-05-03 17:22:44 +00:00
const sameBaseDomainUrlCoUk = 'https://app.medium.co.uk/' ;
const sameBaseDomainUrlTidalListen = 'https://listen.tidal.com/' ;
const sameBaseDomainUrlTidalLogin = 'https://login.tidal.com/' ;
2022-02-06 22:49:30 +00:00
const sameBaseDomainUrlTidalRegex = /https:\/\/(login|listen).tidal.com\/.*/ ;
2018-05-27 21:18:59 +00:00
const internalUrlSubPath = 'topic/technology' ;
const externalUrl = 'https://www.wikipedia.org/wiki/Electron' ;
const wildcardRegex = /.*/ ;
2022-02-06 22:40:51 +00:00
test ( 'the original url should be internal without --strict-internal-urls' , ( ) = > {
2022-02-06 22:49:30 +00:00
expect (
linkIsInternal ( internalUrl , internalUrl , undefined , undefined ) ,
) . toEqual ( true ) ;
2018-05-27 21:18:59 +00:00
} ) ;
2022-02-06 22:40:51 +00:00
test ( 'the original url should be internal with --strict-internal-urls off' , ( ) = > {
2022-02-06 22:49:30 +00:00
expect ( linkIsInternal ( internalUrl , internalUrl , undefined , false ) ) . toEqual (
true ,
) ;
2022-02-06 22:40:51 +00:00
} ) ;
test ( 'the original url should be internal with --strict-internal-urls on' , ( ) = > {
2022-02-06 22:49:30 +00:00
expect ( linkIsInternal ( internalUrl , internalUrl , undefined , true ) ) . toEqual (
true ,
) ;
2022-02-06 22:40:51 +00:00
} ) ;
test ( 'sub-paths of the original url should be internal with --strict-internal-urls off' , ( ) = > {
2018-05-27 21:18:59 +00:00
expect (
2022-02-06 22:49:30 +00:00
linkIsInternal (
internalUrl ,
internalUrl + internalUrlSubPath ,
undefined ,
false ,
) ,
2018-05-27 21:18:59 +00:00
) . toEqual ( true ) ;
} ) ;
2022-02-06 22:40:51 +00:00
test ( 'sub-paths of the original url should not be internal with --strict-internal-urls on' , ( ) = > {
expect (
2022-02-06 22:49:30 +00:00
linkIsInternal (
internalUrl ,
internalUrl + internalUrlSubPath ,
undefined ,
true ,
) ,
2022-02-06 22:40:51 +00:00
) . toEqual ( false ) ;
} ) ;
test ( 'sub-paths of the original url should be internal with using a regex and --strict-internal-urls on' , ( ) = > {
expect (
2022-02-06 22:49:30 +00:00
linkIsInternal (
internalUrl ,
internalUrl + internalUrlSubPath ,
internalUrlSubPathRegex ,
true ,
) ,
2022-02-06 22:40:51 +00:00
) . toEqual ( false ) ;
} ) ;
test ( "'about:blank' should always be internal" , ( ) = > {
2022-02-06 22:49:30 +00:00
expect ( linkIsInternal ( internalUrl , 'about:blank' , undefined , true ) ) . toEqual (
true ,
) ;
2018-05-27 21:18:59 +00:00
} ) ;
test ( 'urls from different sites should not be internal' , ( ) = > {
2022-02-06 22:49:30 +00:00
expect ( linkIsInternal ( internalUrl , externalUrl , undefined , false ) ) . toEqual (
false ,
) ;
2018-05-27 21:18:59 +00:00
} ) ;
test ( 'all urls should be internal with wildcard regex' , ( ) = > {
2022-02-06 22:49:30 +00:00
expect ( linkIsInternal ( internalUrl , externalUrl , wildcardRegex , true ) ) . toEqual (
true ,
) ;
2018-05-27 21:18:59 +00:00
} ) ;
2018-05-28 12:14:54 +00:00
Fix considering "same domain-ish" URLs as internal (PR #1126)
In 6b266b78150, as I got rid of deprecated dep `wurl`, I wrote:
> This one may be problematic, as it used to do TLD stuff:
> https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
>
> So, the new WHATWG-URL-based implementation will consider
> `asana.com` to be "external" to `app.asana.com`, contrarily to before.
> Given the nature of Nativefier, I think it's actually what to expect,
> that in this case you're "out of the app", and in e.g. asana's landing
> page, which you'd expect to see in your browser.
Turns out it's even more problematic: @TheCleric notices in https://github.com/nativefier/nativefier/pull/1124#issuecomment-790279403
that this breaks app `https://evernote.com` doing its login in `www.evernote.com`
The present change fixes this, by behaving mostly similarly to before,
but without re-introducing `wurl` or another dep needing a TLD/SLD list.
2021-03-04 15:00:53 +00:00
test ( 'a "www." of a domain should be considered internal' , ( ) = > {
2022-02-06 22:49:30 +00:00
expect ( linkIsInternal ( internalUrl , internalUrlWww , undefined , false ) ) . toEqual (
true ,
) ;
Fix considering "same domain-ish" URLs as internal (PR #1126)
In 6b266b78150, as I got rid of deprecated dep `wurl`, I wrote:
> This one may be problematic, as it used to do TLD stuff:
> https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
>
> So, the new WHATWG-URL-based implementation will consider
> `asana.com` to be "external" to `app.asana.com`, contrarily to before.
> Given the nature of Nativefier, I think it's actually what to expect,
> that in this case you're "out of the app", and in e.g. asana's landing
> page, which you'd expect to see in your browser.
Turns out it's even more problematic: @TheCleric notices in https://github.com/nativefier/nativefier/pull/1124#issuecomment-790279403
that this breaks app `https://evernote.com` doing its login in `www.evernote.com`
The present change fixes this, by behaving mostly similarly to before,
but without re-introducing `wurl` or another dep needing a TLD/SLD list.
2021-03-04 15:00:53 +00:00
} ) ;
test ( 'urls on the same "base domain" should be considered internal' , ( ) = > {
2022-02-06 22:49:30 +00:00
expect (
linkIsInternal ( internalUrl , sameBaseDomainUrl , undefined , false ) ,
) . toEqual ( true ) ;
Fix considering "same domain-ish" URLs as internal (PR #1126)
In 6b266b78150, as I got rid of deprecated dep `wurl`, I wrote:
> This one may be problematic, as it used to do TLD stuff:
> https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
>
> So, the new WHATWG-URL-based implementation will consider
> `asana.com` to be "external" to `app.asana.com`, contrarily to before.
> Given the nature of Nativefier, I think it's actually what to expect,
> that in this case you're "out of the app", and in e.g. asana's landing
> page, which you'd expect to see in your browser.
Turns out it's even more problematic: @TheCleric notices in https://github.com/nativefier/nativefier/pull/1124#issuecomment-790279403
that this breaks app `https://evernote.com` doing its login in `www.evernote.com`
The present change fixes this, by behaving mostly similarly to before,
but without re-introducing `wurl` or another dep needing a TLD/SLD list.
2021-03-04 15:00:53 +00:00
} ) ;
2022-02-06 22:40:51 +00:00
test ( 'urls on the same "base domain" should NOT be considered internal using --strict-internal-urls' , ( ) = > {
2022-02-06 22:49:30 +00:00
expect (
linkIsInternal ( internalUrl , sameBaseDomainUrl , undefined , true ) ,
) . toEqual ( false ) ;
2022-02-06 22:40:51 +00:00
} ) ;
Fix considering "same domain-ish" URLs as internal (PR #1126)
In 6b266b78150, as I got rid of deprecated dep `wurl`, I wrote:
> This one may be problematic, as it used to do TLD stuff:
> https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
>
> So, the new WHATWG-URL-based implementation will consider
> `asana.com` to be "external" to `app.asana.com`, contrarily to before.
> Given the nature of Nativefier, I think it's actually what to expect,
> that in this case you're "out of the app", and in e.g. asana's landing
> page, which you'd expect to see in your browser.
Turns out it's even more problematic: @TheCleric notices in https://github.com/nativefier/nativefier/pull/1124#issuecomment-790279403
that this breaks app `https://evernote.com` doing its login in `www.evernote.com`
The present change fixes this, by behaving mostly similarly to before,
but without re-introducing `wurl` or another dep needing a TLD/SLD list.
2021-03-04 15:00:53 +00:00
test ( 'urls on the same "base domain" should be considered internal, even with a www' , ( ) = > {
2022-02-06 22:49:30 +00:00
expect (
linkIsInternal ( internalUrlWww , sameBaseDomainUrl , undefined , false ) ,
) . toEqual ( true ) ;
Fix considering "same domain-ish" URLs as internal (PR #1126)
In 6b266b78150, as I got rid of deprecated dep `wurl`, I wrote:
> This one may be problematic, as it used to do TLD stuff:
> https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
>
> So, the new WHATWG-URL-based implementation will consider
> `asana.com` to be "external" to `app.asana.com`, contrarily to before.
> Given the nature of Nativefier, I think it's actually what to expect,
> that in this case you're "out of the app", and in e.g. asana's landing
> page, which you'd expect to see in your browser.
Turns out it's even more problematic: @TheCleric notices in https://github.com/nativefier/nativefier/pull/1124#issuecomment-790279403
that this breaks app `https://evernote.com` doing its login in `www.evernote.com`
The present change fixes this, by behaving mostly similarly to before,
but without re-introducing `wurl` or another dep needing a TLD/SLD list.
2021-03-04 15:00:53 +00:00
} ) ;
2021-05-03 17:22:44 +00:00
test ( 'urls on the same "base domain" should be considered internal, even with different sub domains' , ( ) = > {
expect (
linkIsInternal (
sameBaseDomainUrlTidalListen ,
sameBaseDomainUrlTidalLogin ,
undefined ,
2022-02-06 22:49:30 +00:00
false ,
2021-05-03 17:22:44 +00:00
) ,
) . toEqual ( true ) ;
} ) ;
2022-02-06 22:40:51 +00:00
test ( 'urls should support sub domain matching with a regex' , ( ) = > {
expect (
linkIsInternal (
sameBaseDomainUrlTidalListen ,
sameBaseDomainUrlTidalLogin ,
sameBaseDomainUrlTidalRegex ,
2022-02-06 22:49:30 +00:00
false ,
2022-02-06 22:40:51 +00:00
) ,
) . toEqual ( true ) ;
} ) ;
test ( 'urls on the same "base domain" should NOT be considered internal with different sub domains when using --strict-internal-urls' , ( ) = > {
expect (
linkIsInternal (
sameBaseDomainUrlTidalListen ,
sameBaseDomainUrlTidalLogin ,
undefined ,
2022-02-06 22:49:30 +00:00
true ,
2022-02-06 22:40:51 +00:00
) ,
) . toEqual ( false ) ;
} ) ;
Fix considering "same domain-ish" URLs as internal (PR #1126)
In 6b266b78150, as I got rid of deprecated dep `wurl`, I wrote:
> This one may be problematic, as it used to do TLD stuff:
> https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
>
> So, the new WHATWG-URL-based implementation will consider
> `asana.com` to be "external" to `app.asana.com`, contrarily to before.
> Given the nature of Nativefier, I think it's actually what to expect,
> that in this case you're "out of the app", and in e.g. asana's landing
> page, which you'd expect to see in your browser.
Turns out it's even more problematic: @TheCleric notices in https://github.com/nativefier/nativefier/pull/1124#issuecomment-790279403
that this breaks app `https://evernote.com` doing its login in `www.evernote.com`
The present change fixes this, by behaving mostly similarly to before,
but without re-introducing `wurl` or another dep needing a TLD/SLD list.
2021-03-04 15:00:53 +00:00
test ( 'urls on the same "base domain" should be considered internal, long SLD' , ( ) = > {
expect (
2022-02-06 22:40:51 +00:00
linkIsInternal ( internalUrlCoUk , sameBaseDomainUrlCoUk , undefined , false ) ,
Fix considering "same domain-ish" URLs as internal (PR #1126)
In 6b266b78150, as I got rid of deprecated dep `wurl`, I wrote:
> This one may be problematic, as it used to do TLD stuff:
> https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
>
> So, the new WHATWG-URL-based implementation will consider
> `asana.com` to be "external" to `app.asana.com`, contrarily to before.
> Given the nature of Nativefier, I think it's actually what to expect,
> that in this case you're "out of the app", and in e.g. asana's landing
> page, which you'd expect to see in your browser.
Turns out it's even more problematic: @TheCleric notices in https://github.com/nativefier/nativefier/pull/1124#issuecomment-790279403
that this breaks app `https://evernote.com` doing its login in `www.evernote.com`
The present change fixes this, by behaving mostly similarly to before,
but without re-introducing `wurl` or another dep needing a TLD/SLD list.
2021-03-04 15:00:53 +00:00
) . toEqual ( true ) ;
} ) ;
2021-04-30 11:52:58 +00:00
test ( 'urls on the a different "base domain" are considered NOT internal, long SLD' , ( ) = > {
expect (
2022-02-06 22:49:30 +00:00
linkIsInternal (
internalUrlCoUk ,
differentBaseDomainUrlCoUk ,
undefined ,
false ,
) ,
2021-04-30 11:52:58 +00:00
) . toEqual ( false ) ;
} ) ;
2021-03-11 00:20:53 +00:00
const testLoginPages = [
'https://amazon.co.uk/signin' ,
'https://amazon.com/signin' ,
'https://amazon.de/signin' ,
'https://amazon.com/ap/signin' ,
'https://facebook.co.uk/login' ,
'https://facebook.com/login' ,
'https://facebook.de/login' ,
'https://github.co.uk/login' ,
'https://github.com/login' ,
'https://github.de/login' ,
2021-03-17 11:39:24 +00:00
// GitHub 2FA flow with FIDO token
'https://github.com/session' ,
'https://github.com/sessions/two-factor/webauth' ,
2021-03-11 00:20:53 +00:00
'https://accounts.google.co.uk' ,
'https://accounts.google.com' ,
2021-04-29 17:24:15 +00:00
'https://mail.google.com/accounts/SetOSID' ,
'https://mail.google.co.uk/accounts/SetOSID' ,
2021-03-11 00:20:53 +00:00
'https://accounts.google.de' ,
'https://linkedin.co.uk/uas/login' ,
'https://linkedin.com/uas/login' ,
'https://linkedin.de/uas/login' ,
'https://login.live.co.uk' ,
'https://login.live.com' ,
'https://login.live.de' ,
2021-05-30 00:38:24 +00:00
'https://login.microsoftonline.com/common/oauth2/authorize' ,
'https://login.microsoftonline.co.uk/common/oauth2/authorize' ,
'https://login.microsoftonline.de/common/oauth2/authorize' ,
2021-03-11 00:20:53 +00:00
'https://okta.co.uk' ,
'https://okta.com' ,
'https://subdomain.okta.com' ,
'https://okta.de' ,
'https://twitter.co.uk/oauth/authenticate' ,
'https://twitter.com/oauth/authenticate' ,
'https://twitter.de/oauth/authenticate' ,
2021-04-01 22:03:07 +00:00
'https://appleid.apple.com/auth/authorize' ,
2021-07-29 03:22:02 +00:00
'https://id.atlassian.com' ,
'https://auth.atlassian.com' ,
2022-04-18 22:46:31 +00:00
'https://vmware.workspaceair.com' ,
'https://vmware.auth.securid.com' ,
2021-03-11 00:20:53 +00:00
] ;
test . each ( testLoginPages ) (
2021-03-11 00:30:59 +00:00
'%s login page should be internal' ,
2021-03-11 00:20:53 +00:00
( loginUrl : string ) = > {
2022-02-06 22:49:30 +00:00
expect ( linkIsInternal ( internalUrl , loginUrl , undefined , false ) ) . toEqual (
true ,
) ;
2021-03-11 00:20:53 +00:00
} ,
) ;
2021-03-17 11:39:24 +00:00
// Ensure that we don't over-match service pages
const testNonLoginPages = [
'https://www.amazon.com/Node-Cookbook-techniques-server-side-development-ebook' ,
'https://github.com/nativefier/nativefier' ,
'https://github.com/org/nativefier' ,
2021-05-30 00:38:24 +00:00
'https://microsoft.com' ,
'https://office.microsoftonline.com' ,
2021-03-17 11:39:24 +00:00
'https://twitter.com/marcoroth_/status/1325938620906287104' ,
2021-04-01 22:03:07 +00:00
'https://appleid.apple.com/account' ,
2021-04-29 17:24:15 +00:00
'https://mail.google.com/' ,
2021-07-29 03:22:02 +00:00
'https://atlassian.com' ,
2021-03-17 11:39:24 +00:00
] ;
test . each ( testNonLoginPages ) (
'%s page should not be internal' ,
( url : string ) = > {
2022-02-06 22:40:51 +00:00
expect ( linkIsInternal ( internalUrl , url , undefined , false ) ) . toEqual ( false ) ;
2021-03-17 11:39:24 +00:00
} ,
) ;
2018-05-28 12:14:54 +00:00
const smallCounterTitle = 'Inbox (11) - nobody@example.com - Gmail' ;
const largeCounterTitle = 'Inbox (8,756) - nobody@example.com - Gmail' ;
2022-04-11 17:18:06 +00:00
const hourCounterTitle = 'Today (1:23) - nobody@example.com - TimeTracker' ;
2018-05-28 12:14:54 +00:00
const noCounterTitle = 'Inbox - nobody@example.com - Gmail' ;
test ( 'getCounterValue should return undefined for titles without counter numbers' , ( ) = > {
expect ( getCounterValue ( noCounterTitle ) ) . toEqual ( undefined ) ;
} ) ;
test ( 'getCounterValue should return a string for small counter numbers in the title' , ( ) = > {
expect ( getCounterValue ( smallCounterTitle ) ) . toEqual ( '11' ) ;
} ) ;
test ( 'getCounterValue should return a string for large counter numbers in the title' , ( ) = > {
expect ( getCounterValue ( largeCounterTitle ) ) . toEqual ( '8,756' ) ;
2022-04-11 17:18:06 +00:00
} ) ;
test ( 'getCounterValue should return a string for hour counter numbers in the title' , ( ) = > {
expect ( getCounterValue ( hourCounterTitle ) ) . toEqual ( '1:23' ) ;
2018-05-28 12:14:54 +00:00
} ) ;
2021-05-22 03:41:13 +00:00
describe ( 'removeUserAgentSpecifics' , ( ) = > {
2022-03-21 03:23:10 +00:00
const userAgentFallback =
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) app-nativefier-804458/1.0.0 Chrome/89.0.4389.128 Electron/12.0.7 Safari/537.36' ;
2021-05-22 03:41:13 +00:00
test ( 'removes Electron and App specific info' , ( ) = > {
expect (
removeUserAgentSpecifics (
userAgentFallback ,
'app-nativefier-804458' ,
'1.0.0' ,
) ,
) . not . toBe (
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36' ,
) ;
} ) ;
2022-03-21 03:23:10 +00:00
test ( 'should not have multiple spaces in a row' , ( ) = > {
expect (
removeUserAgentSpecifics (
userAgentFallback ,
'app-nativefier-804458' ,
'1.0.0' ,
) ,
) . toEqual ( expect . not . stringMatching ( /\s{2,}/ ) ) ;
} ) ;
2021-05-22 03:41:13 +00:00
} ) ;
2022-02-10 13:39:56 +00:00
describe ( 'cleanupPlainText' , ( ) = > {
test ( 'removes extra spaces from text' , ( ) = > {
expect ( cleanupPlainText ( ' this is a test ' ) ) . toBe ( 'this is a test' ) ;
} ) ;
} ) ;
2022-09-18 02:22:19 +00:00
describe ( 'openExternal' , ( ) = > {
const mockShellOpenExternal : jest.SpyInstance = jest . spyOn (
shell ,
'openExternal' ,
) ;
const mockShowNavigationBlockedMessage : jest.SpyInstance =
showNavigationBlockedMessage as jest . Mock ;
beforeEach ( ( ) = > {
mockShellOpenExternal . mockReset ( ) ;
mockShowNavigationBlockedMessage
. mockReset ( )
. mockReturnValue ( Promise . resolve ( undefined ) ) ;
} ) ;
afterAll ( ( ) = > {
mockShellOpenExternal . mockRestore ( ) ;
mockShowNavigationBlockedMessage . mockRestore ( ) ;
} ) ;
test ( 'https urls scheme should *not* be blocked' , async ( ) = > {
await openExternal ( 'https://whatever.foo' ) ;
expect ( mockShowNavigationBlockedMessage ) . not . toHaveBeenCalled ( ) ;
expect ( mockShellOpenExternal ) . toHaveBeenCalled ( ) ;
} ) ;
test ( 'urls with whitelisted scheme should *not* be blocked' , async ( ) = > {
await openExternal ( 'ircs://irc.libera.chat/whatever' ) ;
expect ( mockShowNavigationBlockedMessage ) . not . toHaveBeenCalled ( ) ;
expect ( mockShellOpenExternal ) . toHaveBeenCalled ( ) ;
} ) ;
test ( 'urls with non-allowlisted scheme *should* be blocked' , async ( ) = > {
await openExternal ( 'barf://whatever.foo' ) ;
expect ( mockShowNavigationBlockedMessage ) . toHaveBeenCalledTimes ( 1 ) ;
expect ( mockShellOpenExternal ) . not . toHaveBeenCalled ( ) ;
} ) ;
test ( 'potentially-malicious urls *should* be blocked' , async ( ) = > {
await openExternal ( 'https://hello.com/wor%00ld' ) ;
expect ( mockShowNavigationBlockedMessage ) . toHaveBeenCalledTimes ( 1 ) ;
expect ( mockShellOpenExternal ) . not . toHaveBeenCalled ( ) ;
} ) ;
test ( 'malformed urls *should* be blocked' , async ( ) = > {
await openExternal ( 'zombocom' ) ;
expect ( mockShowNavigationBlockedMessage ) . toHaveBeenCalledTimes ( 1 ) ;
expect ( mockShellOpenExternal ) . not . toHaveBeenCalled ( ) ;
} ) ;
} ) ;