github-actions[bot]
commented
10 months ago Pull Request Test Coverage Report for Build 6475851841
- 48 of 54 (88.89%) changed or added relevant lines in 2 files are covered.
- 3 unchanged lines in 2 files lost coverage.
- Overall coverage increased (+0.04%) to 84.282%
| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % | ||
|---|---|---|---|---|---|
| backend/app/store/service/title.go | 21 | 27 | 77.78% | ||
| <!-- | Total: | 48 | 54 | 88.89% | --> |
| Files with Coverage Reduction | New Missed Lines | % | ||
|---|---|---|---|---|
| backend/app/store/service/title.go | 1 | 79.75% | ||
| backend/app/providers/telegram.go | 2 | 87.88% | ||
| <!-- | Total: | 3 | --> |
| Totals | |
|---|---|
| Change from base Build 6472903539: | 0.04% |
| Covered Lines: | 5850 |
| Relevant Lines: | 6941 |
umputun
Allowed domains consist of
REMARK_URLsecond-level domain (or whole IP in case it's IP like127.0.0.1) andALLOWED_HOSTS. That is needed to prevent Remark42 from asking arbitrary servers and storing the page title as the comment.PostTitle.Previous behaviour allowed the caller of the API to create a comment with an arbitrary URL and learn the title of the page, which might be accessible to the server Remark42 is installed on but not to the user outside that network (CWE-918).
Resolves #1677.