Add missing specs meta-redirect dections in OpenRedirect#vulnerable?.

* Add specs for when when `content=` is double quoted, but `url=` is single quoted.
ronin-rb · May 25, 2024 · 609d802 · 609d802
1 parent 46f9cff
commit 609d802
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/spec/open_redirect_spec.rb b/spec/open_redirect_spec.rb
@@ -439,6 +439,29 @@
             end
           end
 
+          context "when the content attribute is double quoted" do
+            context "and the url value is single quoted" do
+              let(:response_body) do
+                <<~HTML
+                  <html>
+                    <head>
+                      <meta http-equiv="refresh" content="0;url='#{subject.test_url}'"/>
+                    </head>
+                    <body>
+                      <p>example content</p>
+                      <p>included content</p>
+                      <p>more content</p>
+                    </body>
+                  </html>
+                HTML
+              end
+
+              it "must return true" do
+                expect(subject.vulnerable?).to be_truthy
+              end
+            end
+          end
+
           context "when the content attribute is not quoted" do
             context "and the url value is double quoted" do
               let(:response_body) do