From eaf3c8376e6a05bd20919e0f08c356982bc6abf8 Mon Sep 17 00:00:00 2001
From: hackademix
Date: Sun, 29 Dec 2019 19:39:35 +0100
Subject: Fixed UNTRUSTED domains accidentally set in "match HTTPS only" mode
 (issue #126).

---
 src/test/Policy_test.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/test/Policy_test.js')

diff --git a/src/test/Policy_test.js b/src/test/Policy_test.js
index f12183e..5b2ecbf 100644
--- a/src/test/Policy_test.js
+++ b/src/test/Policy_test.js
@@ -9,7 +9,9 @@
   p1.set("perchè.com", p1.TRUSTED);
   p1.set("10", p1.TRUSTED);
   p1.set("192.168", p1.TRUSTED);
-  p1.set("192.168.69", p1.UNTRUSTED)
+  p1.set("192.168.69", p1.UNTRUSTED);
+  // secureDomainKey should be "downgraded" by UTRUSTED, issue #126
+  p1.set(Sites.secureDomainKey("evil.com"), p1.UNTRUSTED);
   let p2 = new Policy(p1.dry());
   debug("p1", JSON.stringify(p1.dry()));
   debug("p2", JSON.stringify(p2.dry()));
@@ -31,7 +33,8 @@
     () => !p1.can("https://192.168.69.1"),
     () => !p1.can("https://10.0.0.1"),
     () => p1.can("http://192.168.1.2"),
-    () => p1.can("http://some.onion")
+    () => p1.can("http://some.onion"),
+    () => !p1.can("http://evil.com"),
   ]) Test.run(t);
   Sites.onionSecure = onionSecureCurrent;
   Test.report();
-- 
cgit v1.2.3