收口宿主壳外链打开协议

共享 HostBridge 契约新增外链 URL 协议白名单校验 Expo 移动壳打开外链前拒绝危险协议 Tauri 桌面壳打开外链前拒绝危险协议补充共享契约、移动壳和桌面壳外链校验测试更新宿主壳方案和团队共享决策记录
2026-06-17 22:31:24 +08:00
parent 8b14c6ebe5
commit 61d910400e
7 changed files with 161 additions and 9 deletions
--- a/apps/mobile-shell/src/mobileHostBridge.test.ts
+++ b/apps/mobile-shell/src/mobileHostBridge.test.ts
@@ -1,3 +1,4 @@
+import * as Linking from 'expo-linking';
 import { afterEach, describe, expect, test, vi } from 'vitest';

 import {
@@ -83,6 +84,7 @@ function expectFailed(response: HostBridgeResponse) {
 }

 afterEach(() => {
+  vi.mocked(Linking.openURL).mockReset();
  configureMobileHostBridgeNavigation(null);
 });

@@ -148,4 +150,28 @@ describe('handleMobileHostBridgeMessage', () => {

    expect(failedResponse.error.code).toBe('unsupported_method');
  });
+
+  test('app.openExternalUrl 只打开允许的外链协议', async () => {
+    const response = await send(
+      request('app.openExternalUrl', {
+        url: ' https://example.com/path ',
+      }),
+    );
+
+    expectOk(response);
+    expect(Linking.openURL).toHaveBeenCalledWith('https://example.com/path');
+  });
+
+  test('app.openExternalUrl 拒绝危险协议', async () => {
+    const response = await send(
+      request('app.openExternalUrl', {
+        url: 'javascript:alert(1)',
+      }),
+    );
+
+    const failedResponse = expectFailed(response);
+
+    expect(failedResponse.error.code).toBe('invalid_request');
+    expect(Linking.openURL).not.toHaveBeenCalled();
+  });
 });