diff options
author | Makoto Scott-Hinkle <makoto.scotthinkle@gmail.com> | 2016-10-01 13:53:08 -0700 |
---|---|---|
committer | Makoto Scott-Hinkle <makoto.scotthinkle@gmail.com> | 2016-12-21 08:34:30 -0800 |
commit | 15d83f6ae2e3b52a79e761a63c86907a6161acec (patch) | |
tree | ef5d9cd4c3622a38eb5d1c9aa87f857ab40fe113 | |
parent | 8bdecf8e1876ec7f12bb2b9fffe821a6c2709e86 (diff) | |
download | gitlab-ce-15d83f6ae2e3b52a79e761a63c86907a6161acec.tar.gz |
Filter protocol-relative URLs in ExternalLinkFilter. Fixes issue #22742.
-rw-r--r-- | changelogs/unreleased/22742-filter-protocol-relative-urls.yml | 4 | ||||
-rw-r--r-- | lib/banzai/filter/external_link_filter.rb | 2 | ||||
-rw-r--r-- | spec/lib/banzai/filter/external_link_filter_spec.rb | 14 |
3 files changed, 19 insertions, 1 deletions
diff --git a/changelogs/unreleased/22742-filter-protocol-relative-urls.yml b/changelogs/unreleased/22742-filter-protocol-relative-urls.yml new file mode 100644 index 00000000000..b331f5a4eb5 --- /dev/null +++ b/changelogs/unreleased/22742-filter-protocol-relative-urls.yml @@ -0,0 +1,4 @@ +--- +title: 'Filter protocol-relative URLs in ExternalLinkFilter. Fixes issue #22742' +merge_request: 6635 +author: Makoto Scott-Hinkle diff --git a/lib/banzai/filter/external_link_filter.rb b/lib/banzai/filter/external_link_filter.rb index 2f19b59e725..d67d466bce8 100644 --- a/lib/banzai/filter/external_link_filter.rb +++ b/lib/banzai/filter/external_link_filter.rb @@ -10,7 +10,7 @@ module Banzai node.set_attribute('href', href) end - if href =~ /\Ahttp(s)?:\/\// && external_url?(href) + if href =~ %r{\A(https?:)?//[^/]} && external_url?(href) node.set_attribute('rel', 'nofollow noreferrer') node.set_attribute('target', '_blank') end diff --git a/spec/lib/banzai/filter/external_link_filter_spec.rb b/spec/lib/banzai/filter/external_link_filter_spec.rb index 167397c736b..d9e4525cb28 100644 --- a/spec/lib/banzai/filter/external_link_filter_spec.rb +++ b/spec/lib/banzai/filter/external_link_filter_spec.rb @@ -80,4 +80,18 @@ describe Banzai::Filter::ExternalLinkFilter, lib: true do expect(filter(act).to_html).to eq(exp) end end + + context 'for protocol-relative links' do + let(:doc) { filter %q(<p><a href="//google.com/">Google</a></p>) } + + it 'adds rel="nofollow" to external links' do + expect(doc.at_css('a')).to have_attribute('rel') + expect(doc.at_css('a')['rel']).to include 'nofollow' + end + + it 'adds rel="noreferrer" to external links' do + expect(doc.at_css('a')).to have_attribute('rel') + expect(doc.at_css('a')['rel']).to include 'noreferrer' + end + end end |