

























@@ -376,25 +376,52 @@ describe("loadWebMedia", () => {
376376expect(result.contentType).toBe("text/markdown");
377377});
378378379-it("allows host-read ZIP files", async () => {
380-const zipFile = path.join(fixtureRoot, "archive.zip");
381-// Write valid ZIP magic bytes (PK\x03\x04) with minimal empty ZIP structure.
382-// file-type detects application/zip from these magic bytes.
383-await fs.writeFile(zipFile, Buffer.from([0x50, 0x4b, 0x03, 0x04]));
384-const result = await loadWebMedia(zipFile, {
379+it.each([
380+{
381+label: "ZIP",
382+fileName: "archive.zip",
383+contentType: "application/zip",
384+buffer: Buffer.from([0x50, 0x4b, 0x03, 0x04]),
385+},
386+{
387+label: "gzip",
388+fileName: "archive.gz",
389+contentType: "application/gzip",
390+buffer: Buffer.from([0x1f, 0x8b, 0x08, 0x00, 0, 0, 0, 0, 0, 0x03]),
391+},
392+{
393+label: "tar",
394+fileName: "archive.tar",
395+contentType: "application/x-tar",
396+buffer: (() => {
397+const buffer = Buffer.alloc(512);
398+buffer.write("ustar", 257, "ascii");
399+return buffer;
400+})(),
401+},
402+{
403+label: "7z",
404+fileName: "archive.7z",
405+contentType: "application/x-7z-compressed",
406+buffer: Buffer.from([0x37, 0x7a, 0xbc, 0xaf, 0x27, 0x1c, 0, 4]),
407+},
408+])("allows host-read $label files", async ({ fileName, contentType, buffer }) => {
409+const archiveFile = path.join(fixtureRoot, fileName);
410+await fs.writeFile(archiveFile, buffer);
411+const result = await loadWebMedia(archiveFile, {
385412maxBytes: 1024 * 1024,
386413localRoots: "any",
387414readFile: async (filePath) => await fs.readFile(filePath),
388415hostReadCapability: true,
389416});
390417expect(result.kind).toBe("document");
391-expect(result.contentType).toBe("application/zip");
418+expect(result.contentType).toBe(contentType);
392419});
393420394421it("rejects binary data disguised as a CSV file", async () => {
395422const fakeCsv = path.join(fixtureRoot, "evil.csv");
396-// Write ZIP magic bytes — file-type detects application/zip (not image, not CSV),
397-// so it is rejected by the host-read policy rather than allowed as an image.
423+// Declared plain-text aliases must use the text validator path even when the
424+// buffer sniffs as an otherwise allowed archive type.
398425await fs.writeFile(fakeCsv, Buffer.from([0x50, 0x4b, 0x03, 0x04]));
399426await expectLoadWebMediaErrorCode(
400427loadWebMedia(fakeCsv, {
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。