fix(back): index 页 back 校验拒绝 nested back + 调整测试断言

2026-03-14 02:12:29 +00:00
parent 7479eb0e77
commit bb40ff692c
4 changed files with 27 additions and 7 deletions
--- a/tests/Feature/AdminPlatformOrderIndexBackLinkNotEscapedTest.php
+++ b/tests/Feature/AdminPlatformOrderIndexBackLinkNotEscapedTest.php
@@ -38,6 +38,8 @@ class AdminPlatformOrderIndexBackLinkNotEscapedTest extends TestCase

        $this->get('/admin/platform-orders?back=' . urlencode('https://evil.example.com/?x=1&y=2'))
            ->assertOk()
-            ->assertDontSee('返回上一页（保留上下文）');
+            // 页面仍会出现“返回上一页（保留上下文）”文案（其它位置也有，例如治理SOP卡提示），
+            // 因此这里改为断言：不应出现该 external back 的 href。
+            ->assertDontSee('href="https://evil.example.com/?x=1&y=2"', false);
    }
 }