mirror of
https://github.com/home-assistant/iOS.git
synced 2026-04-12 15:26:45 -05:00
c8f35e4cff
<!-- Thank you for submitting a Pull Request and helping to improve Home Assistant. Please complete the following sections to help the processing and review of your changes. Please do not delete anything from this template. --> ## Summary <!-- Provide a brief summary of the changes you have made and most importantly what they aim to achieve --> ## Screenshots <!-- If this is a user-facing change not in the frontend, please include screenshots in light and dark mode. --> ## Link to pull request in Documentation repository <!-- Pull requests that add, change or remove functionality must have a corresponding pull request in the Companion App Documentation repository (https://github.com/home-assistant/companion.home-assistant). Please add the number of this pull request after the "#" --> Documentation: home-assistant/companion.home-assistant# ## Any other notes <!-- If there is any other information of note, like if this Pull Request is part of a bigger change, please include it here. -->
43 lines
1.5 KiB
Swift
43 lines
1.5 KiB
Swift
@testable import HomeAssistant
|
|
import Shared
|
|
import Testing
|
|
import WebKit
|
|
|
|
struct SafeScriptMessageHandlerTests {
|
|
@Test func allowsMainFrameMessageFromConfiguredServerHost() {
|
|
ServerFixture.reset()
|
|
let handler = SafeScriptMessageHandler(
|
|
server: ServerFixture.withRemoteConnection,
|
|
delegate: NoOpScriptMessageHandler()
|
|
)
|
|
|
|
#expect(handler.shouldAllowMessage(isMainFrame: true, host: "external.example.com"))
|
|
#expect(handler.shouldAllowMessage(isMainFrame: true, host: "internal.example.com"))
|
|
#expect(handler.shouldAllowMessage(isMainFrame: true, host: "ui.nabu.casa"))
|
|
}
|
|
|
|
@Test func rejectsMessageFromHostOutsideConfiguredServerHosts() {
|
|
ServerFixture.reset()
|
|
let handler = SafeScriptMessageHandler(
|
|
server: ServerFixture.withRemoteConnection,
|
|
delegate: NoOpScriptMessageHandler()
|
|
)
|
|
|
|
#expect(!handler.shouldAllowMessage(isMainFrame: true, host: "evil.example.com"))
|
|
}
|
|
|
|
@Test func rejectsIframeMessageEvenWhenHostIsAllowed() {
|
|
ServerFixture.reset()
|
|
let handler = SafeScriptMessageHandler(
|
|
server: ServerFixture.withRemoteConnection,
|
|
delegate: NoOpScriptMessageHandler()
|
|
)
|
|
|
|
#expect(!handler.shouldAllowMessage(isMainFrame: false, host: "external.example.com"))
|
|
}
|
|
}
|
|
|
|
private final class NoOpScriptMessageHandler: NSObject, WKScriptMessageHandler {
|
|
func userContentController(_ userContentController: WKUserContentController, didReceive message: WKScriptMessage) {}
|
|
}
|