jeremy.herve.bzh / skypress
A calm place to write long-form, and publish it to the open social web. skypress.blog/
0
Fork 0

Configure Feed

Select the types of activity you want to include in your feed.

skypress / src / lib / embeds / playback.test.ts
at trunk 1.4 kB View raw
Jeremy Herve Embeds: client facade activation with host re-validation
d0c382e6
1// src/lib/embeds/playback.test.ts 2import { describe, expect, it } from 'vitest'; 3import { playbackUrl, isTrustedPlaybackUrl } from './playback'; 4 5describe( 'playbackUrl', () => { 6 it( 'builds privacy-friendly youtube + vimeo URLs', () => { 7 expect( playbackUrl( 'youtube', 'dQw4w9WgXcQ' ) ).toBe( 8 'https://www.youtube-nocookie.com/embed/dQw4w9WgXcQ?autoplay=1' 9 ); 10 expect( playbackUrl( 'vimeo', '123456789' ) ).toBe( 11 'https://player.vimeo.com/video/123456789?autoplay=1' 12 ); 13 } ); 14 15 it( 'URL-encodes the id', () => { 16 expect( playbackUrl( 'youtube', 'a/b?c' ) ).toContain( '/embed/a%2Fb%3Fc?' ); 17 } ); 18} ); 19 20describe( 'isTrustedPlaybackUrl', () => { 21 it( 'accepts only the two playback hosts', () => { 22 expect( isTrustedPlaybackUrl( 'https://www.youtube-nocookie.com/embed/x?autoplay=1' ) ).toBe( true ); 23 expect( isTrustedPlaybackUrl( 'https://player.vimeo.com/video/1?autoplay=1' ) ).toBe( true ); 24 } ); 25 26 it( 'rejects anything else', () => { 27 expect( isTrustedPlaybackUrl( 'https://evil.com/embed/x' ) ).toBe( false ); 28 expect( isTrustedPlaybackUrl( 'https://www.youtube-nocookie.com.evil.com/embed/x' ) ).toBe( false ); 29 expect( isTrustedPlaybackUrl( 'https://www.youtube-nocookie.com@evil.com/x' ) ).toBe( false ); 30 expect( isTrustedPlaybackUrl( 'http://www.youtube-nocookie.com/x' ) ).toBe( false ); 31 expect( isTrustedPlaybackUrl( 'javascript:alert(1)' ) ).toBe( false ); 32 } ); 33} );