use open_agent::{ImageBlock, OpenAIContentPart};
#[test]
fn test_from_image_requires_validated_imageblock() {
let image_block =
ImageBlock::from_url("https://example.com/image.jpg").expect("Valid HTTPS URL should pass");
let content_part = OpenAIContentPart::from_image(&image_block);
let json = serde_json::to_value(&content_part).expect("Should serialize");
assert_eq!(json["type"], "image_url");
assert_eq!(json["image_url"]["url"], "https://example.com/image.jpg");
}
#[test]
fn test_javascript_uri_cannot_bypass_validation() {
let result = ImageBlock::from_url("javascript:alert('XSS')");
assert!(result.is_err(), "JavaScript URI should be rejected");
}
#[test]
fn test_file_uri_cannot_bypass_validation() {
let result = ImageBlock::from_url("file:///etc/passwd");
assert!(result.is_err(), "File URI should be rejected");
}
#[test]
fn test_data_uri_with_validated_base64() {
let base64_data = "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg==";
let image_block =
ImageBlock::from_base64(base64_data, "image/png").expect("Valid base64 should pass");
let content_part = OpenAIContentPart::from_image(&image_block);
let json = serde_json::to_value(&content_part).expect("Should serialize");
assert_eq!(json["type"], "image_url");
assert!(
json["image_url"]["url"]
.as_str()
.unwrap()
.starts_with("data:image/png;base64,")
);
}