author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-30 11:21:44 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-30 11:21:44 +0000 |
commit | 9fee2c5a068e9439136ff362b89d25640c9e44a7 (patch) | |
tree | 4f4f5dbe3c592b3d879be6795cc9bde611dc50fa | |
parent | 78f7a11fbc5d29dcb1ae882ae0331407b9872d6a (diff) | |
download | gitlab-ce-9fee2c5a068e9439136ff362b89d25640c9e44a7.tar.gz |
Add latest changes from gitlab-org/security/gitlab@15-8-stable-ee
-rw-r--r-- | lib/gitlab/url_sanitizer.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/gitlab/url_sanitizer.rb b/lib/gitlab/url_sanitizer.rb
index 79e124a58f5..da078cc7b92 100644
--- a/lib/gitlab/url_sanitizer.rb
+++ b/lib/gitlab/url_sanitizer.rb
@@ -7,7 +7,7 @@ module Gitlab
 ALLOWED_SCHEMES = %w[http https ssh git].freeze
 ALLOWED_WEB_SCHEMES = %w[http https].freeze
 SCHEMIFIED_SCHEME = 'glschemelessuri'
- SCHEMIFY_PLACEHOLDER = "#{SCHEMIFIED_SCHEME}://".freeze
+ SCHEMIFY_PLACEHOLDER = "#{SCHEMIFIED_SCHEME}://"
 # URI::DEFAULT_PARSER.make_regexp will only match URLs with schemes or
 # relative URLs. This section will match schemeless URIs with userinfo
 # e.g. user:pass@gitlab.com but will not match scp-style URIs e.g.
@@ -25,7 +25,7 @@ module Gitlab
 (?!#{URI::REGEXP::PATTERN::HOST}:(?:#{URI::REGEXP::PATTERN::REL_PATH}|#{URI::REGEXP::PATTERN::ABS_PATH}))
 #{URI::REGEXP::PATTERN::HOSTPORT}
 )
- }x
+ }x.freeze
 def self.sanitize(content)
 content.gsub(URI_REGEXP) do |url| |
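Review bot: Dropping `.freeze` from `SCHEMIFY_PLACEHOLDER` in the first hunk leaves the constant immutable only if the file carries the `# frozen_string_literal: true` magic comment (not visible in this hunk) and the branch runs on a Ruby older than 3.0. From Ruby 3.0 on, interpolated string literals are no longer frozen by that comment, so the placeholder the sanitizer presumably relies on would become a mutable constant. The second hunk's `}x.freeze` points the same way, since Regexp literals are frozen by default only from Ruby 3.0, so both edits appear to assume a pre-3.0 interpreter. I would either keep the explicit freeze, `SCHEMIFY_PLACEHOLDER = "#{SCHEMIFIED_SCHEME}://".freeze`, which is harmless on every version, or record the assumption above the constant with a comment such as `# Frozen only via the frozen_string_literal magic comment (Ruby < 3.0)`. The enclosing module starts and ends outside both hunks.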