Ghost/core/test/acceptance
Kevin Ansfield 4773939670 🔒 Improved validation of fetched urls and responses in oembed endpoint
no issue

- prevent oembed fetching from accessing IP addresses or localhost domains
- prevent oembed endpoint from passing through fetched responses as-is
  - reject any fetched data that does not validate against the oembed spec
  - strip any unknown properties from the oembed response before returning

Credits: Nick Mykhailyshyn
2020-03-09 10:42:25 +00:00
admin 🔒 Improved validation of fetched urls and responses in oembed endpoint 2020-03-09 10:42:25 +00:00
content Added new brand blog setting (#11408) 2019-12-17 16:15:31 +05:30
README.md Separated test env into: acceptance, regression and unit tests (#10411) 2019-01-22 17:54:50 +01:00

Acceptance Tests

This folder should only contain a set of basic API use cases.

We are currently refactoring the test env. The "old" folder currently contains all API tests for the stable API version (v2). The goal is:

  • either keep a test if it's a basic use case e.g. upload an image, schedule a post, download a theme
  • otherwise move the test to regression api v2 tests

We probably need to differentiate the acceptance tests for session and api_key authentication.

Before we move tests:

  • we have to re-work how our test utility is structured
  • we have to reduce tests