make sure urls with leading spaces are not accepted

spatie · Dec 11, 2024 · fae8396 · fae8396
1 parent bc075ca
commit fae8396
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 3 deletions.
diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
@@ -9,7 +9,7 @@ jobs:
             fail-fast: false
             matrix:
                 os: [ubuntu-latest]
-                php: [8.3, 8.2]
+                php: [8.4, 8.3, 8.2]
                 stability: [prefer-lowest, prefer-stable]
 
         name: P${{ matrix.php }} - ${{ matrix.stability }} - ${{ matrix.os }}

diff --git a/composer.json b/composer.json
@@ -29,10 +29,10 @@
         "ext-fileinfo": "*"
     },
     "require-dev": {
-        "pestphp/pest": "^1.20",
+        "pestphp/pest": "^3.0",
         "spatie/image": "^3.6",
         "spatie/pdf-to-text": "^1.52",
-        "spatie/phpunit-snapshot-assertions": "^4.2.3"
+        "spatie/phpunit-snapshot-assertions": "^4.2.3|^5.0"
     },
     "autoload": {
         "psr-4": {

diff --git a/src/Browsershot.php b/src/Browsershot.php
@@ -257,6 +257,8 @@ public function waitForSelector(string $selector, array $options = []): static
 
     public function setUrl(string $url): static
     {
+        $url = trim($url);
+
         if (str_starts_with(strtolower($url), 'file://') || str_starts_with(strtolower($url), 'file:/')) {
             throw FileUrlNotAllowed::make();
         }

diff --git a/tests/BrowsershotTest.php b/tests/BrowsershotTest.php
@@ -56,6 +56,10 @@
     Browsershot::url('file://test');
 })->throws(FileUrlNotAllowed::class);
 
+it('will not allow a file url that has leading spaces', function () {
+    Browsershot::url('    file://test');
+})->throws(FileUrlNotAllowed::class);
+
 it('will not allow html to contain file://', function () {
     Browsershot::html('<h1><img src="file://" /></h1>');
 })->throws(HtmlIsNotAllowedToContainFile::class);