Add tests (#14622)

2025-04-24 09:48:58 -04:00 · 2017-10-26 16:57:56 -04:00 · 2017-10-26 16:57:56 -04:00 · 15add96054
commit 15add96054
parent 54db6e3699
3 changed files with 50 additions and 8 deletions
--- a/src/core_plugins/kibana/common/field_formats/types/tests/url.js
+++ b/src/core_plugins/kibana/common/field_formats/types/tests/url.js
@ -19,9 +19,9 @@ describe('UrlFormat', function () {

  describe('url template', function () {
    it('accepts a template', function () {
-      const url = new UrlFormat({ urlTemplate: 'url: {{ value }}' });
+      const url = new UrlFormat({ urlTemplate: 'http://{{ value }}' });
      expect(url.convert('url', 'html'))
-        .to.be('<span ng-non-bindable><a href="url: url" target="_blank">url: url</a></span>');
+        .to.be('<span ng-non-bindable><a href="http://url" target="_blank">http://url</a></span>');
    });

    it('only outputs the url if the contentType === "text"', function () {
@ -32,9 +32,9 @@ describe('UrlFormat', function () {

  describe('label template', function () {
    it('accepts a template', function () {
-      const url = new UrlFormat({ labelTemplate: 'extension: {{ value }}' });
+      const url = new UrlFormat({ labelTemplate: 'extension: {{ value }}', urlTemplate: 'http://www.{{value}}.com' });
      expect(url.convert('php', 'html'))
-        .to.be('<span ng-non-bindable><a href="php" target="_blank">extension: php</a></span>');
+        .to.be('<span ng-non-bindable><a href="http://www.php.com" target="_blank">extension: php</a></span>');
    });

    it('uses the label template for text formating', function () {
@ -76,4 +76,22 @@ describe('UrlFormat', function () {
      });
    });
  });
+
+  describe('whitelist', function () {
+    it('should spit out the raw value if the value is not in the whitelist', function () {
+      const url = new UrlFormat();
+
+      expect(url.convert('www.elastic.co', 'html'))
+      .to.be('<span ng-non-bindable>www.elastic.co</span>');
+
+      expect(url.convert('elastic.co', 'html'))
+      .to.be('<span ng-non-bindable>elastic.co</span>');
+
+      expect(url.convert('elastic', 'html'))
+      .to.be('<span ng-non-bindable>elastic</span>');
+
+      expect(url.convert('ftp://elastic.co', 'html'))
+      .to.be('<span ng-non-bindable>ftp://elastic.co</span>');
+    });
+  });
 });
--- a/src/core_plugins/kibana/common/field_formats/types/url.js
+++ b/src/core_plugins/kibana/common/field_formats/types/url.js
@ -3,6 +3,7 @@ import { FieldFormat } from '../../../../../ui/field_formats/field_format';
 import { getHighlightHtml } from '../../highlight/highlight_html';

 const templateMatchRE = /{{([\s\S]+?)}}/g;
+const whitelistUrlSchemes = ['http://', 'https://'];

 export class UrlFormat extends FieldFormat {
  constructor(params) {
@ -98,6 +99,11 @@ UrlFormat.prototype._convert = {

        return `<img src="${url}" alt="${imageLabel}">`;
      default:
+        const inWhitelist = whitelistUrlSchemes.some(scheme => url.indexOf(scheme) === 0);
+        if (!inWhitelist) {
+          return url;
+        }
+
        let linkLabel;

        if (hit && hit.highlight && hit.highlight[field.name]) {
--- a/src/core_plugins/kibana/public/field_formats/tests/_url.js
+++ b/src/core_plugins/kibana/public/field_formats/tests/_url.js
@ -44,11 +44,11 @@ describe('Url Format', function () {

    describe('url template', function () {
      it('accepts a template', function () {
-        const url = new Url({ urlTemplate: 'url: {{ value }}' });
+        const url = new Url({ urlTemplate: 'http://{{ value }}' });
        const $a = unwrap($(url.convert('url', 'html')));
        expect($a.is('a')).to.be(true);
        expect($a.size()).to.be(1);
-        expect($a.attr('href')).to.be('url: url');
+        expect($a.attr('href')).to.be('http://url');
        expect($a.attr('target')).to.be('_blank');
        expect($a.children().size()).to.be(0);
      });
@ -61,11 +61,11 @@ describe('Url Format', function () {

    describe('label template', function () {
      it('accepts a template', function () {
-        const url = new Url({ labelTemplate: 'extension: {{ value }}' });
+        const url = new Url({ labelTemplate: 'extension: {{ value }}', urlTemplate: 'http://www.{{value}}.com' });
        const $a = unwrap($(url.convert('php', 'html')));
        expect($a.is('a')).to.be(true);
        expect($a.size()).to.be(1);
-        expect($a.attr('href')).to.be('php');
+        expect($a.attr('href')).to.be('http://www.php.com');
        expect($a.html()).to.be('extension: php');
      });

@ -109,5 +109,23 @@ describe('Url Format', function () {
        });
      });
    });
+
+    describe('whitelist', function () {
+      it('should spit out the raw value if the value is not in the whitelist', function () {
+        const url = new Url();
+
+        expect(url.convert('www.elastic.co', 'html'))
+        .to.be('<span ng-non-bindable>www.elastic.co</span>');
+
+        expect(url.convert('elastic.co', 'html'))
+        .to.be('<span ng-non-bindable>elastic.co</span>');
+
+        expect(url.convert('elastic', 'html'))
+        .to.be('<span ng-non-bindable>elastic</span>');
+
+        expect(url.convert('ftp://elastic.co', 'html'))
+        .to.be('<span ng-non-bindable>ftp://elastic.co</span>');
+      });
+    });
  });
 });