Make sure we match the whole link text as URL and not only some part. Add some symbols to be invalid in domains. Add 3 tests.

2019-04-26 09:42:20 +02:00 · 2019-04-26 09:42:20 +02:00 · bfe504fed3
commit bfe504fed3
parent 2fe4d2076b
2 changed files with 29 additions and 6 deletions
--- a/test/js/conversation-page-state-test.vala
+++ b/test/js/conversation-page-state-test.vala
@ -17,6 +17,9 @@ class ConversationPageStateTest : ClientWebViewTestCase<ConversationWebView> {
        add_test("is_deceptive_text_deceptive_href", is_deceptive_text_deceptive_href);
        add_test("is_deceptive_text_non_matching_subdomain", is_deceptive_text_non_matching_subdomain);
        add_test("is_deceptive_text_different_domain", is_deceptive_text_different_domain);
+        add_test("is_deceptive_text_embedded_domain", is_deceptive_text_embedded_domain);
+        add_test("is_deceptive_text_innocuous", is_deceptive_text_innocuous);
+        add_test("is_deceptive_text_gitlab", is_deceptive_text_gitlab);
        add_test("is_descendant_of", is_descendant_of);
        add_test("is_descendant_of_with_class", is_descendant_of_with_class);
        add_test("is_descendant_of_no_match", is_descendant_of_no_match);
@ -77,6 +80,26 @@ class ConversationPageStateTest : ClientWebViewTestCase<ConversationWebView> {
               ConversationWebView.DeceptiveText.DECEPTIVE_DOMAIN);
    }

+    public void is_deceptive_text_embedded_domain() throws Error {
+        load_body_fixture("<p>my hovercraft is full of eels</p>");
+        assert(exec_is_deceptive_text("Check out why phishing.net is bad!", "example.com") ==
+               ConversationWebView.DeceptiveText.NOT_DECEPTIVE);
+    }
+
+    public void is_deceptive_text_innocuous() throws Error {
+        // https://gitlab.gnome.org/GNOME/geary/issues/400
+        load_body_fixture("<p>my hovercraft is full of eels</p>");
+        assert(exec_is_deceptive_text("This will be fixed in the next freedesktop-sdk release (18.08.30)", "example.com") ==
+               ConversationWebView.DeceptiveText.NOT_DECEPTIVE);
+    }
+
+    public void is_deceptive_text_gitlab() throws Error {
+        // Link text in gitlab is "@user.name", which was previously false positive (@ can't be part of a domain)
+        load_body_fixture("<p>my hovercraft is full of eels</p>");
+        assert(exec_is_deceptive_text("@user.name", "http://gitlab.org/user.name") ==
+               ConversationWebView.DeceptiveText.NOT_DECEPTIVE);
+    }
+
    public void is_descendant_of() throws GLib.Error {
        load_body_fixture("<blockquote><div id='test'>ohhai</div></blockquote>");
        assert(
--- a/ui/conversation-web-view.js
+++ b/ui/conversation-web-view.js
@ -304,12 +304,12 @@ ConversationPageState.getNodeBounds = function(node) {
 * Test for URL-like `text` that leads somewhere other than `href`.
 */
 ConversationPageState.isDeceptiveText = function(text, href) {
-    // First, does text look like a URI?  Right now, just test whether
-    // it has <string>.<string> in it.  More sophisticated tests are
-    // possible.
-    let domain = new RegExp("([a-z]*://)?"               // Optional scheme
-                          + "([^\\s:/]+\\.[^\\s:/\\.]+)" // Domain
-                          + "(/[^\\s]*)?");              // Optional path
+    // First, does text look like a URI? 
+    let domain = new RegExp("^"
+                          + "([a-z]*://)?"                             // Optional scheme
+                          + "([^\\s:/#%&*@()]+\\.[^\\s:/#%&*@()\\.]+)" // Domain
+                          + "(/[^\\s]*)?"                              // Optional path
+                          + "$");             
    let textParts = text.match(domain);
    if (textParts == null) {
        return ConversationPageState.NOT_DECEPTIVE;