Skip to content

Commit ef3d93f

Browse files
pcarletonclaude
pcarleton
and
claude
committed
fix: update test error messages for expanded URL scheme validation
Updated test expectations to match the new error message that includes javascript:, data:, and vbscript: schemes in the validation error. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
1 parent 45bbd9b commit ef3d93f

File tree

1 file changed

+5
-6
lines changed

1 file changed

+5
-6
lines changed

src/shared/auth.test.ts

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,6 @@ import {
33
SafeUrlSchema,
44
OAuthMetadataSchema,
55
OpenIdProviderMetadataSchema,
6-
OAuthTokensSchema,
76
OAuthClientMetadataSchema,
87
} from './auth.js';
98

@@ -18,8 +17,8 @@ describe('SafeUrlSchema', () => {
1817
});
1918

2019
it('rejects javascript: scheme URLs', () => {
21-
expect(() => SafeUrlSchema.parse('javascript:alert(1)')).toThrow('URL cannot use javascript: scheme');
22-
expect(() => SafeUrlSchema.parse('JAVASCRIPT:alert(1)')).toThrow('URL cannot use javascript: scheme');
20+
expect(() => SafeUrlSchema.parse('javascript:alert(1)')).toThrow('URL cannot use javascript:, data:, or vbscript: scheme');
21+
expect(() => SafeUrlSchema.parse('JAVASCRIPT:alert(1)')).toThrow('URL cannot use javascript:, data:, or vbscript: scheme');
2322
});
2423

2524
it('rejects invalid URLs', () => {
@@ -49,7 +48,7 @@ describe('OAuthMetadataSchema', () => {
4948
response_types_supported: ['code'],
5049
};
5150

52-
expect(() => OAuthMetadataSchema.parse(metadata)).toThrow('URL cannot use javascript: scheme');
51+
expect(() => OAuthMetadataSchema.parse(metadata)).toThrow('URL cannot use javascript:, data:, or vbscript: scheme');
5352
});
5453

5554
it('requires mandatory fields', () => {
@@ -87,7 +86,7 @@ describe('OpenIdProviderMetadataSchema', () => {
8786
id_token_signing_alg_values_supported: ['RS256'],
8887
};
8988

90-
expect(() => OpenIdProviderMetadataSchema.parse(metadata)).toThrow('URL cannot use javascript: scheme');
89+
expect(() => OpenIdProviderMetadataSchema.parse(metadata)).toThrow('URL cannot use javascript:, data:, or vbscript: scheme');
9190
});
9291
});
9392

@@ -108,6 +107,6 @@ describe('OAuthClientMetadataSchema', () => {
108107
client_name: 'Test App',
109108
};
110109

111-
expect(() => OAuthClientMetadataSchema.parse(metadata)).toThrow('URL cannot use javascript: scheme');
110+
expect(() => OAuthClientMetadataSchema.parse(metadata)).toThrow('URL cannot use javascript:, data:, or vbscript: scheme');
112111
});
113112
});

0 commit comments

Comments
 (0)