BLD-408: Don't allow users to enter video url's in http.

6cb5c390 · polesye · Valera Rozuvan · 80c83f0b · 6cb5c390 · 6cb5c390
Commit 6cb5c390 authored Oct 25, 2013 by polesye Committed by Valera Rozuvan Oct 30, 2013
7 changed files
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -5,6 +5,8 @@ These are notable changes in edx-platform.  This is a rolling list of changes,
 in roughly chronological order, most recent first.  Add your entries at or near
 the top.  Include a label indicating the component affected.
+Blades: Disallow users to enter video url's in http.
 Blades: Fix bug when the speed can only be changed when the video is playing.
 LMS: Change bulk email implementation to use less memory, and to better handle

--- a/cms/djangoapps/contentstore/features/transcripts.feature
+++ b/cms/djangoapps/contentstore/features/transcripts.feature
@@ -22,8 +22,8 @@ Feature: Video Component Editor
        And I edit the component
        #User inputs html5 links with equal extension
-        And I enter a "123.webm" source to field number 1
+        And I enter a "https://domain.org/123.webm" source to field number 1
-        And I enter a "456.webm" source to field number 2
+        And I enter a "https://domain.org/456.webm" source to field number 2
        Then I see error message "file_type"
        # Currently we are working with 2nd field. It means, that if 2nd field
        # contain incorrect value, 1st and 3rd fields should be disabled until
@@ -35,6 +35,8 @@ Feature: Video Component Editor
        #User input URL with incorrect format
        And I enter a "htt://link.c" source to field number 1
        Then I see error message "url_format"
+        And I enter a "http://domain.org/123.mp4" source to field number 1
+        Then I see error message "url_format"
        # Currently we are working with 1st field. It means, that if 1st field
        # contain incorrect value, 2nd and 3rd fields should be disabled until
        # 1st field will be filled by correct correct value
@@ -120,7 +122,7 @@ Feature: Video Component Editor
        Given I have created a Video component
        And I edit the component
-        And I enter a "t_not_exist.mp4" source to field number 1
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 1
        Then I see status message "not found"
        And I see value "" in the field "HTML5 Transcript"
@@ -129,7 +131,7 @@ Feature: Video Component Editor
        Given I have created a Video component with subtitles "t_not_exist"
        And I edit the component
-        And I enter a "t_not_exist.mp4" source to field number 1
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 1
        Then I see status message "found"
        And I see value "t_not_exist" in the field "HTML5 Transcript"
@@ -141,7 +143,7 @@ Feature: Video Component Editor
        And I enter a "http://youtu.be/t_not_exist" source to field number 1
        Then I see status message "found"
-        And I enter a "test_video_name.mp4" source to field number 2
+        And I enter a "https://domain.org/test_video_name.mp4" source to field number 2
        Then I see status message "found"
        And I see value "t_not_exist" in the field "HTML5 Transcript"
@@ -156,7 +158,7 @@ Feature: Video Component Editor
        And I click transcript button "import"
        Then I see status message "found"
-        And I enter a "t_not_exist.mp4" source to field number 2
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 2
        Then I see status message "found"
        And I see value "t__eq_exist" in the field "HTML5 Transcript"
@@ -170,12 +172,12 @@ Feature: Video Component Editor
        And I see button "import"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_not_exist.mp4" source to field number 2
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 2
        Then I see status message "not found"
        And I see button "import"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_not_exist.webm" source to field number 3
+        And I enter a "https://domain.org/t_not_exist.webm" source to field number 3
        Then I see status message "not found"
        And I see button "import"
        And I see button "upload_new_timed_transcripts"
@@ -188,11 +190,11 @@ Feature: Video Component Editor
        Then I see status message "not found"
        And I see button "disabled_download_to_edit"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_not_exist.mp4" source to field number 2
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 2
        Then I see status message "not found"
        And I see button "upload_new_timed_transcripts"
        And I see button "disabled_download_to_edit"
-        And I enter a "t_not_exist.webm" source to field number 3
+        And I enter a "https://domain.org/t_not_exist.webm" source to field number 3
        Then I see status message "not found"
        And I see button "disabled_download_to_edit"
        And I see button "upload_new_timed_transcripts"
@@ -209,12 +211,12 @@ Feature: Video Component Editor
        Then I see status message "found"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_not_exist.mp4" source to field number 2
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 2
        Then I see status message "found"
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_not_exist.webm" source to field number 3
+        And I enter a "https://domain.org/t_not_exist.webm" source to field number 3
        Then I see status message "found"
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
@@ -229,12 +231,12 @@ Feature: Video Component Editor
        And I see button "disabled_download_to_edit"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_not_exist.mp4" source to field number 2
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 2
        Then I see status message "not found"
        And I see button "disabled_download_to_edit"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_neq_exist.webm" source to field number 3
+        And I enter a "https://domain.org/t_neq_exist.webm" source to field number 3
        Then I see status message "found"
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
@@ -249,12 +251,12 @@ Feature: Video Component Editor
        And I see button "import"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_not_exist.mp4" source to field number 2
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 2
        Then I see status message "not found"
        And I see button "import"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_neq_exist.webm" source to field number 3
+        And I enter a "https://domain.org/t_neq_exist.webm" source to field number 3
        Then I see status message "not found"
        And I see button "import"
        And I see button "upload_new_timed_transcripts"
@@ -269,12 +271,12 @@ Feature: Video Component Editor
        And I see button "import"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_neq_exist.mp4" source to field number 2
+        And I enter a "https://domain.org/t_neq_exist.mp4" source to field number 2
        Then I see status message "not found"
        And I see button "import"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_not_exist.webm" source to field number 3
+        And I enter a "https://domain.org/t_not_exist.webm" source to field number 3
        Then I see status message "not found"
        And I see button "import"
        And I see button "upload_new_timed_transcripts"
@@ -291,12 +293,12 @@ Feature: Video Component Editor
        Then I see status message "found"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_neq_exist.mp4" source to field number 2
+        And I enter a "https://domain.org/t_neq_exist.mp4" source to field number 2
        Then I see status message "found"
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_not_exist.webm" source to field number 3
+        And I enter a "https://domain.org/t_not_exist.webm" source to field number 3
        Then I see status message "found"
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
@@ -313,12 +315,12 @@ Feature: Video Component Editor
        Then I see status message "found"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_not_exist.mp4" source to field number 2
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 2
        Then I see status message "found"
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "t_neq_exist.webm" source to field number 3
+        And I enter a "https://domain.org/t_neq_exist.webm" source to field number 3
        Then I see status message "found"
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
@@ -328,7 +330,7 @@ Feature: Video Component Editor
        Given I have created a Video component with subtitles "t__eq_exist"
        And I edit the component
-        And I enter a "t__eq_exist.mp4" source to field number 1
+        And I enter a "https://domain.org/t__eq_exist.mp4" source to field number 1
        Then I see status message "found"
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
@@ -343,7 +345,7 @@ Feature: Video Component Editor
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "test_transcripts.webm" source to field number 3
+        And I enter a "https://domain.org/test_transcripts.webm" source to field number 3
        Then I see status message "found"
    #20
@@ -351,7 +353,7 @@ Feature: Video Component Editor
        Given I have created a Video component with subtitles "t_not_exist"
        And I edit the component
-        And I enter a "test_transcripts.mp4" source to field number 1
+        And I enter a "https://domain.org/test_transcripts.mp4" source to field number 1
        Then I see status message "not found"
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
@@ -359,7 +361,7 @@ Feature: Video Component Editor
        Then I see status message "uploaded_successfully"
        And I see value "test_transcripts" in the field "HTML5 Transcript"
-        And I enter a "t_not_exist.webm" source to field number 2
+        And I enter a "https://domain.org/t_not_exist.webm" source to field number 2
        Then I see status message "replace"
        And I see choose button "test_transcripts.mp4" number 1
@@ -372,7 +374,7 @@ Feature: Video Component Editor
        Given I have created a Video component with subtitles "t_not_exist"
        And I edit the component
-        And I enter a "t_not_exist.mp4" source to field number 1
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 1
        Then I see status message "found"
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
@@ -381,13 +383,13 @@ Feature: Video Component Editor
        And I save changes
        And I edit the component
-        And I enter a "video_name_2.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_2.mp4" source to field number 1
        Then I see status message "use existing"
        And I see button "use_existing"
        And I click transcript button "use_existing"
        And I see value "video_name_2" in the field "HTML5 Transcript"
-        And I enter a "video_name_3.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_3.mp4" source to field number 1
        Then I see status message "use existing"
        And I see button "use_existing"
        And I click transcript button "use_existing"
@@ -398,7 +400,7 @@ Feature: Video Component Editor
        Given I have created a Video component with subtitles "t_not_exist"
        And I edit the component
-        And I enter a "t_not_exist.mp4" source to field number 1
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 1
        Then I see status message "found"
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
@@ -407,17 +409,17 @@ Feature: Video Component Editor
        And I save changes
        And I edit the component
-        And I enter a "video_name_2.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_2.mp4" source to field number 1
        Then I see status message "use existing"
        And I see button "use_existing"
        And I click transcript button "use_existing"
        And I see value "video_name_2" in the field "HTML5 Transcript"
-        And I enter a "video_name_3.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_3.mp4" source to field number 1
        Then I see status message "use existing"
        And I see button "use_existing"
-        And I enter a "video_name_4.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_4.mp4" source to field number 1
        Then I see status message "use existing"
        And I see button "use_existing"
        And I click transcript button "use_existing"
@@ -428,7 +430,7 @@ Feature: Video Component Editor
        Given I have created a Video component with subtitles "t_not_exist"
        And I edit the component
-        And I enter a "t_not_exist.mp4" source to field number 1
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 1
        Then I see status message "found"
        And I see button "download_to_edit"
        And I see button "upload_new_timed_transcripts"
@@ -436,11 +438,11 @@ Feature: Video Component Editor
        And I save changes
        And I edit the component
-        And I enter a "video_name_2.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_2.mp4" source to field number 1
        Then I see status message "use existing"
        And I see button "use_existing"
-        And I enter a "video_name_3.webm" source to field number 2
+        And I enter a "https://domain.org/video_name_3.webm" source to field number 2
        Then I see status message "use existing"
        And I see button "use_existing"
        And I click transcript button "use_existing"
@@ -451,7 +453,7 @@ Feature: Video Component Editor
        Given I have created a Video component
        And I edit the component
-        And I enter a "video_name_1.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_1.mp4" source to field number 1
        And I see status message "not found"
        And I upload the transcripts file "test_transcripts.srt"
        Then I see status message "uploaded_successfully"
@@ -471,7 +473,7 @@ Feature: Video Component Editor
        Given I have created a Video component
        And I edit the component
-        And I enter a "video_name_1.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_1.mp4" source to field number 1
        Then I see status message "not found"
    #26
@@ -479,10 +481,10 @@ Feature: Video Component Editor
        Given I have created a Video component
        And I edit the component
-        And I enter a "video_name_1.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_1.mp4" source to field number 1
        And I see status message "not found"
-        And I enter a "video_name_2.webm" source to field number 2
+        And I enter a "https://domain.org/video_name_2.webm" source to field number 2
        And I see status message "not found"
        And I upload the transcripts file "test_transcripts.srt"
        Then I see status message "uploaded_successfully"
@@ -518,7 +520,7 @@ Feature: Video Component Editor
        Then I see status message "not found"
        And I see button "upload_new_timed_transcripts"
-        And I enter a "video_name_1.mp4" source to field number 2
+        And I enter a "https://domain.org/video_name_1.mp4" source to field number 2
        Then I see status message "not found"
        And I see button "upload_new_timed_transcripts"
@@ -538,7 +540,7 @@ Feature: Video Component Editor
        Given I have created a Video component with subtitles "t_not_exist"
        And I edit the component
-        And I enter a "video_name_1.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_1.mp4" source to field number 1
        Then I see status message "not found"
        And I open tab "Advanced"
@@ -556,7 +558,7 @@ Feature: Video Component Editor
        Given I have created a Video component
        And I edit the component
-        And I enter a "video_name_1.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_1.mp4" source to field number 1
        Then I see status message "not found"
        And I upload the transcripts file "chinese_transcripts.srt"
@@ -570,7 +572,7 @@ Feature: Video Component Editor
        Given I have created a Video component with subtitles "t_not_exist"
        And I edit the component
-        And I enter a "video_name_1.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_1.mp4" source to field number 1
        Then I see status message "not found"
        And I open tab "Advanced"
@@ -590,7 +592,7 @@ Feature: Video Component Editor
        Given I have created a Video component with subtitles "t_not_exist"
        And I edit the component
-        And I enter a "t_not_exist.mp4" source to field number 1
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 1
        Then I see status message "found"
        And I open tab "Advanced"
@@ -610,7 +612,7 @@ Feature: Video Component Editor
        Given I have created a Video component with subtitles "t_not_exist"
        And I edit the component
-        And I enter a "t_not_exist.mp4" source to field number 1
+        And I enter a "https://domain.org/t_not_exist.mp4" source to field number 1
        Then I see status message "found"
        And I save changes
@@ -633,7 +635,7 @@ Feature: Video Component Editor
        Given I have created a Video component with subtitles "t_not_exist"
        And I edit the component
-        And I enter a "video_name_1.mp4" source to field number 1
+        And I enter a "https://domain.org/video_name_1.mp4" source to field number 1
        Then I see status message "not found"
        And I upload the transcripts file "chinese_transcripts.srt"

--- a/cms/djangoapps/contentstore/views/item.py
+++ b/cms/djangoapps/contentstore/views/item.py
@@ -2,8 +2,9 @@
 import logging
 from uuid import uuid4
+from requests.packages.urllib3.util import parse_url
-from django.core.exceptions import PermissionDenied
+from django.core.exceptions import PermissionDenied, ValidationError
 from django.contrib.auth.decorators import login_required
 from xmodule.modulestore import Location
@@ -107,6 +108,17 @@ def save_item(request):
                except ValueError:
                    return JsonResponse({"error": "Invalid data"}, 400)
                field.write_to(existing_item, value)
+            if existing_item.category == 'video':
+                allowedSchemes = ['https']
+                # The entire site is served from https, so browsers with good
+                # security will reject non-https URLs anyway.
+                # Also, following video module specific code is here, because front-end
+                # metadata fields doesn't support validation.
+                if metadata_key == 'html5_sources' and not all([parse_url(u).scheme in allowedSchemes for u in value]):
+                    raise ValidationError(u'HTML5 video sources support following protocols: {0}.'.format(' '.join(allowedSchemes)))
        # Save the data that we've just changed to the underlying
        # MongoKeyValueStore before we update the mongo datastore.
        existing_item.save()

--- a/cms/static/js/views/transcripts/utils.js
+++ b/cms/static/js/views/transcripts/utils.js
@@ -145,7 +145,8 @@ define(["jquery", "underscore", "jquery.ajaxQueue"], function($, _) {
                }
                var link = document.createElement('a'),
-                    match;
+                    allowedProtocols = ['https'],
+                    match, protocol;
                link.href = url;
                match = link.pathname
@@ -153,7 +154,8 @@ define(["jquery", "underscore", "jquery.ajaxQueue"], function($, _) {
                            .pop()
                            .match(/(.+)\.(mp4|webm)$/);
-                if (match) {
+                protocol = link.protocol.slice(0, -1);
+                if (match && $.inArray(protocol, allowedProtocols) !== -1) {
                    cache[url] = {
                        video: match[1],
                        type: match[2]

--- a/cms/static/js_spec/transcripts/editor_spec.js
+++ b/cms/static/js_spec/transcripts/editor_spec.js
@@ -18,8 +18,8 @@ function ($, Backbone, _, Utils, Editor, MetadataView, MetadataModel, MetadataCo
                type: MetadataModel.VIDEO_LIST_TYPE,
                value: [
                    'http://youtu.be/12345678901',
-                    'video.mp4',
+                    'https://domain.com/video.mp4',
-                    'video.webm'
+                    'https://domain.com/video.webm'
                ]
            },
            DisplayNameEntry = {
@@ -116,7 +116,10 @@ function ($, Backbone, _, Utils, Editor, MetadataView, MetadataModel, MetadataCo
                    help: 'A list of html5 sources.',
                    options: [],
                    type: MetadataModel.LIST_TYPE,
-                    value: ['default.mp4', 'default.webm']
+                    value: [
+                        'https://domain.com/default.mp4',
+                        'https://domain.com/default.webm'
+                    ]
                },
                youtubeEntry = {
@@ -169,17 +172,14 @@ function ($, Backbone, _, Utils, Editor, MetadataView, MetadataModel, MetadataCo
                    }, "Defaults never loaded", 1000);
                    runs(function() {
+                        var displayNameValue = collection[0].getValue(),
-                        var displayNameValue = collection[0].getValue();
+                            videoUrlValue = collection[1].getValue();
-                        var videoUrlValue = collection[1].getValue();
                        expect(displayNameValue).toBe('default');
                        expect(videoUrlValue).toEqual([
                            'http://youtu.be/OEoXaMPEzfM',
-                            'default.mp4',
+                            'https://domain.com/default.mp4',
-                            'default.webm'
+                            'https://domain.com/default.webm'
                        ]);
-                    });
                });
                it('If metadataCollection is not defined', function () {
@@ -190,8 +190,8 @@ function ($, Backbone, _, Utils, Editor, MetadataView, MetadataModel, MetadataCo
                    expect(videoUrlValue).toEqual([
                        'http://youtu.be/12345678901',
-                        'video.mp4',
+                        'https://domain.com/video.mp4',
-                        'video.webm'
+                        'https://domain.com/video.webm'
                    ]);
                });
@@ -202,8 +202,8 @@ function ($, Backbone, _, Utils, Editor, MetadataView, MetadataModel, MetadataCo
                    model.setValue([
                        '12345678',
-                        'default.mp4',
+                        'https://domain.com/default.mp4',
-                        'default.webm'
+                        'https://domain.com/default.webm'
                    ]);
                    transcripts.syncBasicTab(metadataCollection, metadataView);
@@ -213,8 +213,8 @@ function ($, Backbone, _, Utils, Editor, MetadataView, MetadataModel, MetadataCo
                    expect(videoUrlValue).toEqual([
                        '',
-                        'default.mp4',
+                        'https://domain.com/default.mp4',
-                        'default.webm'
+                        'https://domain.com/default.webm'
                    ]);
                });
            });
@@ -232,16 +232,16 @@ function ($, Backbone, _, Utils, Editor, MetadataView, MetadataModel, MetadataCo
                    runs(function() {
-                        var displayNameValue = collection[0].getValue();
+                        var displayNameValue = collection[0].getValue(),
-                        var subValue = collection[1].getValue();
+                            subValue = collection[1].getValue(),
-                        var html5SourcesValue = collection[2].getValue();
+                            html5SourcesValue = collection[2].getValue(),
-                        var youtubeValue = collection[3].getValue();
+                            youtubeValue = collection[3].getValue();
                        expect(displayNameValue).toBe('display value');
                        expect(subValue).toBe('default');
                        expect(html5SourcesValue).toEqual([
-                            'video.mp4',
+                            'https://domain.com/video.mp4',
-                            'video.webm'
+                            'https://domain.com/video.webm'
                        ]);
                        expect(youtubeValue).toBe('12345678901');
                    });
@@ -259,8 +259,8 @@ function ($, Backbone, _, Utils, Editor, MetadataView, MetadataModel, MetadataCo
                    expect(displayNameValue).toBe('default');
                    expect(subValue).toBe('default');
                    expect(html5SourcesValue).toEqual([
-                        'default.mp4',
+                        'https://domain.com/default.mp4',
-                        'default.webm'
+                        'https://domain.com/default.webm'
                    ]);
                    expect(youtubeValue).toBe('OEoXaMPEzfM');
                });
@@ -269,8 +269,8 @@ function ($, Backbone, _, Utils, Editor, MetadataView, MetadataModel, MetadataCo
                    var model = transcripts.collection.models[1];
                    model.setValue([
-                        'video.mp4',
+                        'https://domain.com/video.mp4',
-                        'video.webm'
+                        'https://domain.com/video.webm'
                    ]);
                    transcripts.syncAdvancedTab(metadataCollection);
@@ -280,8 +280,8 @@ function ($, Backbone, _, Utils, Editor, MetadataView, MetadataModel, MetadataCo
                        youtubeValue = collection[3].getValue();
                    expect(html5SourcesValue).toEqual([
-                        'video.mp4',
+                        'https://domain.com/video.mp4',
-                        'video.webm'
+                        'https://domain.com/video.webm'
                    ]);
                    expect(youtubeValue).toBe('');
                });

--- a/cms/static/js_spec/transcripts/utils_spec.js
+++ b/cms/static/js_spec/transcripts/utils_spec.js
@@ -24,17 +24,13 @@ function ($, _, Utils, _str) {
            } (videoId)),
            html5FileName = 'file_name',
-            html5LinksList =  (function (videoName) {
+            html5LinksList = (function (videoName) {
                var videoTypes = ['mp4', 'webm'],
                    links = [
-                        'http://somelink.com/%s.%s?param=1&param=2#hash',
+                        'https://somelink.com/%s.%s?param=1&param=2#hash',
-                        'http://somelink.com/%s.%s#hash',
+                        'https://somelink.com/%s.%s#hash',
-                        'http://somelink.com/%s.%s?param=1&param=2',
+                        'https://somelink.com/%s.%s?param=1&param=2',
-                        'http://somelink.com/%s.%s',
+                        'https://somelink.com/%s.%s'
-                        'ftp://somelink.com/%s.%s',
-                        'https://somelink.com/%s.%s',
-                        'somelink.com/%s.%s',
-                         '%s.%s'
                    ],
                    data = {};
@@ -190,7 +186,12 @@ function ($, _, Utils, _str) {
                    'http://google.com/somevideo_mp4',
                    'http://google.com/somevideo:mp4',
                    'http://google.com/somevideo',
-                    'http://google.com/somevideo.webm_'
+                    'http://google.com/somevideo.webm_',
+                    'http://somelink.com/video_name.mp4?param=1&param=2#hash',
+                    'http://somelink.com/video_name.webm',
+                    'ftp://somelink.com/video_name.mp4',
+                    'somelink.com/video_name.webm',
+                    'video_name.mp4'
                ];
                $.each(html5WrongUrls, function (index, link) {

--- a/cms/static/js_spec/transcripts/videolist_spec.js
+++ b/cms/static/js_spec/transcripts/videolist_spec.js
@@ -41,9 +41,9 @@ function ($, _, Utils, VideoList, MessageManager, MetadataView, MetadataModel, A
                options: [],
                type: MetadataModel.VIDEO_LIST_TYPE,
                value: [
-                    'http://youtu.be/12345678901',
+                    'https://youtu.be/12345678901',
-                    'video.mp4',
+                    'https://domain.com/video.mp4',
-                    'video.webm'
+                    'https://domain.com/video.webm'
                ]
            },
            response = JSON.stringify({
@@ -408,8 +408,8 @@ function ($, _, Utils, VideoList, MessageManager, MetadataView, MetadataModel, A
            view.setValueInEditor([
                'http://youtu.be/12345678901',
-                'video.mp4',
+                'https://domain.com/video.mp4',
-                'video'
+                'https://domain.com/video'
            ]);
            expect(view).assertIsCorrectVideoList(value);
        });