Software / code / prosody
Annotate
spec/muc_util_spec.lua @ 13854:0b01f40df0f9 13.0
mod_http_file_share: Add media-src 'self' to Content-Security-Policy header
This allows certain media files to be loaded when navigated to directly in a
web browser.
Note that in some browsers (Chrome), the media gets transformed
internally into a HTML page with some basic styles, but these are blocked due
to our default-src policy of 'none' Although this could be unblocked with
style-src unsafe-inline, it is not our plan to fix this, because this would
have negative security implications.
The reason for our CSP is to prevent the file share service from being used to
host malicious HTML/CSS/JS. Yes, CSS can be malicious.
Our file share service is for uploading and downloading files, it is not a
substitute for website/content hosting.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 18 Apr 2025 12:25:06 +0100 |
| parent | 10715:ad86b93093a3 |
| rev | line source |
|---|---|
|
9213
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local muc_util; |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local st = require "util.stanza"; |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 do |
|
10715
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
6 -- XXX Hack for lack of a mock moduleapi |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
7 local env = setmetatable({ |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
8 module = { |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
9 _shared = {}; |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
10 -- Close enough to the real module:shared() for our purposes here |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
11 shared = function (self, name) |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
12 local t = self._shared[name]; |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
13 if t == nil then |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
14 t = {}; |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
15 self._shared[name] = t; |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
16 end |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
17 return t; |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
18 end; |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
19 } |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
20 }, { __index = _ENV or _G }); |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
21 muc_util = require "util.envload".envloadfile("plugins/muc/util.lib.lua", env)(); |
|
ad86b93093a3
spec: Include a hacky moduleapi stub to allow test to proceed
Kim Alvefur <zash@zash.se>
parents:
9213
diff
changeset
|
22 end |
|
9213
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 describe("muc/util", function () |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 describe("filter_muc_x()", function () |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 it("correctly filters muc#user", function () |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 local stanza = st.message({ to = "to", from = "from", id = "foo" }) |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 :tag("x", { xmlns = "http://jabber.org/protocol/muc#user" }) |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 :tag("invite", { to = "user@example.com" }); |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 assert.equal(1, #stanza.tags); |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 assert.equal(stanza, muc_util.filter_muc_x(stanza)); |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 assert.equal(0, #stanza.tags); |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 end); |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 it("correctly filters muc#user on a cloned stanza", function () |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 local stanza = st.message({ to = "to", from = "from", id = "foo" }) |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 :tag("x", { xmlns = "http://jabber.org/protocol/muc#user" }) |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 :tag("invite", { to = "user@example.com" }); |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 assert.equal(1, #stanza.tags); |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 local filtered = muc_util.filter_muc_x(st.clone(stanza)); |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 assert.equal(1, #stanza.tags); |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 assert.equal(0, #filtered.tags); |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 end); |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 end); |
|
172f93f752b8
tests: Add muc/util tests for filtering MUC elements
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 end); |
