diff --git a/.devcontainer/postCreateCommand.sh b/.devcontainer/postCreateCommand.sh
index d8f50136..309dc239 100755
--- a/.devcontainer/postCreateCommand.sh
+++ b/.devcontainer/postCreateCommand.sh
@@ -1,9 +1,16 @@
 #!/bin/sh
 
 export PATH="$PATH:$HOME/.composer/vendor/bin"
+export PATH="$PATH:$PWD/vendor/bin"
+echo 'export PATH="$PATH:$HOME/.composer/vendor/bin"' >> ~/.bashrc
+echo 'export PATH="$PATH:$PWD/vendor/bin"' >> ~/.bashrc
 ln -s ./conf.sample.php cfg/conf.php
 composer install --no-dev --optimize-autoloader
 
+# for PHP unit testing
+composer require google/cloud-storage
+composer install --optimize-autoloader
+
 sudo chmod a+x "$(pwd)" && sudo rm -rf /var/www/html && sudo ln -s "$(pwd)" /var/www/html
 
 npm install --global nyc
diff --git a/.gitignore b/.gitignore
index 07ce26ed..09ca72e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,6 +25,7 @@ vendor/**/tst
 vendor/**/tests
 vendor/**/build_phar.php
 !vendor/**/*.php
+vendor/bin/**
 
 # Ignore local node modules, unit testing logs, api docs and IDE project files
 js/node_modules/
diff --git a/tst/YourlsProxyTest.php b/tst/YourlsProxyTest.php
index 9ceeea35..ecffda6e 100644
--- a/tst/YourlsProxyTest.php
+++ b/tst/YourlsProxyTest.php
@@ -47,6 +47,42 @@ class YourlsProxyTest extends TestCase
         $this->assertEquals($yourls->getUrl(), 'https://example.com/1');
     }
 
+    /**
+     * @dataProvider providerInvalidUrl
+     */
+    public function testImvalidUrl($uri)
+    {
+        $yourls = new YourlsProxy($this->_conf, $uri);
+        $this->assertTrue($yourls->isError());
+        $this->assertEquals($yourls->getError(), 'Invalid URL given.');
+    }
+
+    public function providerInvalidUrl() {
+        return array(
+            array(''),
+            array(' '),
+            array('foo'),
+            array('https://'),
+            array('ftp://example.com/?n=np'),
+            array('https://example.com'), // missing path and query parameter,
+            array('https://example.com/'), // missing query parameter
+            array('https://example.com?paste=something'), // missing path parameter
+        );
+    }
+
+    /**
+     * This tests for a trick using username of an URI, see:
+     * {@see https://cloud.google.com/blog/topics/threat-intelligence/url-obfuscation-schema-abuse/?hl=en}
+     *
+     * @return void
+     */
+    public function testForeignUrlUsingUsernameTrick()
+    {
+        $yourls = new YourlsProxy($this->_conf, 'https://example.com/@foreign.malicious.example?foo#bar');
+        $this->assertTrue($yourls->isError());
+        $this->assertEquals($yourls->getError(), 'Trying to shorten a URL that isn\'t pointing at our instance.');
+    }
+
     public function testForeignUrl()
     {
         $yourls = new YourlsProxy($this->_conf, 'https://other.example.com/?foo#bar');