From 49ae89fb47c3fa11fc779a7739152b3451aa8d0f Mon Sep 17 00:00:00 2001
From: Evan Hahn <69474926+EvanHahn-Signal@users.noreply.github.com>
Date: Wed, 5 May 2021 11:22:16 -0500
Subject: [PATCH] Mark links with a password as "sneaky"

---
 js/modules/link_previews.js        | 2 +-
 test/modules/link_previews_test.js | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/js/modules/link_previews.js b/js/modules/link_previews.js
index 22ceeca317..6dd0b49b5d 100644
--- a/js/modules/link_previews.js
+++ b/js/modules/link_previews.js
@@ -117,7 +117,7 @@ function isLinkSneaky(href) {
   }
 
   // Any links which contain auth are considered sneaky
-  if (url.username) {
+  if (url.username || url.password) {
     return true;
   }
 
diff --git a/test/modules/link_previews_test.js b/test/modules/link_previews_test.js
index d655d1b6a9..738787b7aa 100644
--- a/test/modules/link_previews_test.js
+++ b/test/modules/link_previews_test.js
@@ -148,6 +148,8 @@ describe('Link previews', () => {
     describe('auth', () => {
       it('returns true for hrefs with auth (or pretend auth)', () => {
         assert.isTrue(isLinkSneaky('https://user:pass@example.com'));
+        assert.isTrue(isLinkSneaky('https://user:@example.com'));
+        assert.isTrue(isLinkSneaky('https://:pass@example.com'));
         assert.isTrue(
           isLinkSneaky('http://whatever.com&login=someuser@77777777')
         );