vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 10:20:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: merge chat image safety cases

Browse Source
This commit is contained in:
Peter Steinberger
2026-04-17 18:35:48 +01:00
parent 0747a9c85a
commit 1df50183b2
1 changed files with 7 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ui/src/ui/views/chat-image-open.browser.test.ts
View File

@@ -16,15 +16,16 @@ function renderAssistantImage(url: string) {
}
describe("chat image open safety", () => {
it("opens safe image URLs in a hardened new tab", async () => {
it("opens only safe image URLs in a hardened new tab", async () => {
const app = mountApp("/chat");
await app.updateComplete;
const openSpy = vi.spyOn(window, "open").mockReturnValue(null);
app.chatMessages = [renderAssistantImage("https://example.com/cat.png")];
await app.updateComplete;
const image = app.querySelector<HTMLImageElement>(".chat-message-image");
let image = app.querySelector<HTMLImageElement>(".chat-message-image");
expect(image).not.toBeNull();
image?.dispatchEvent(new MouseEvent("click", { bubbles: true }));
@@ -34,34 +35,24 @@ describe("chat image open safety", () => {
"_blank",
"noopener,noreferrer",
);
});
it("does not open unsafe image URLs", async () => {
const app = mountApp("/chat");
await app.updateComplete;
const openSpy = vi.spyOn(window, "open").mockReturnValue(null);
openSpy.mockClear();
app.chatMessages = [renderAssistantImage("javascript:alert(1)")];
await app.updateComplete;
const image = app.querySelector<HTMLImageElement>(".chat-message-image");
image = app.querySelector<HTMLImageElement>(".chat-message-image");
expect(image).not.toBeNull();
image?.dispatchEvent(new MouseEvent("click", { bubbles: true }));
expect(openSpy).not.toHaveBeenCalled();
});
it("does not open SVG data image URLs", async () => {
const app = mountApp("/chat");
await app.updateComplete;
const openSpy = vi.spyOn(window, "open").mockReturnValue(null);
openSpy.mockClear();
app.chatMessages = [
renderAssistantImage("data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' />"),
];
await app.updateComplete;
const image = app.querySelector<HTMLImageElement>(".chat-message-image");
image = app.querySelector<HTMLImageElement>(".chat-message-image");
expect(image).not.toBeNull();
image?.dispatchEvent(new MouseEvent("click", { bubbles: true }));