Diffstat (limited to 'spec/requests/external_redirect/external_redirect_controller_spec.rb')
-rw-r--r-- | spec/requests/external_redirect/external_redirect_controller_spec.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/spec/requests/external_redirect/external_redirect_controller_spec.rb b/spec/requests/external_redirect/external_redirect_controller_spec.rb
index 1b4294f5c4d..881acbd97ac 100644
--- a/spec/requests/external_redirect/external_redirect_controller_spec.rb
+++ b/spec/requests/external_redirect/external_redirect_controller_spec.rb
@@ -45,7 +45,10 @@ RSpec.describe "ExternalRedirect::ExternalRedirectController requests", feature_
 [
 ["when url is bad", "url=javascript:alert(1)"],
 ["when url is empty", "url="],
- ["when url param is missing", ""]
+ ["when url param is missing", ""],
+ ["when url points to self", "url=http://www.example.com/-/external_redirect?url=#{external_url_encoded}"],
+ ["when url points to self encoded",
+ "url=http%3A%2F%2Fwww.example.com/-/external_redirect?url=#{external_url_encoded}"]
 ]
 end
|
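Review bot: The two new rows exercise the self-referencing target only with the `http` scheme and with one partial encoding (`http%3A%2F%2F`, while the path slashes stay literal), so a regression in how the controller normalises the URL before comparing it with its own route could go unnoticed. Consider adding a row where the whole value is percent-encoded and one using `https`, assuming the check is meant to be independent of scheme. The host is hard-coded as `www.example.com`, which presumably relies on the request-spec default host; deriving it from the same source the request uses would keep the rows meaningful if that default changes. A short comment above the rows, for example `# a target that points back at this endpoint must be rejected like any other invalid URL`, would record why these cases sit in the rejection table. The table's enclosing block and the assertion these rows feed lie outside the hunk, so the expected response for them cannot be confirmed from here.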