diff options
| author | Lin Jen-Shin <godfat@godfat.org> | 2017-09-28 22:03:20 +0800 |
|---|---|---|
| committer | Lin Jen-Shin <godfat@godfat.org> | 2017-09-28 22:03:20 +0800 |
| commit | cffc28eca578a005a8e1256c2830c6e2bb9f2239 (patch) | |
| tree | be55fe42fead28c67ac9e3bd04b9d8ee992ad226 | |
| parent | 87328fa978ad9db14cd639f1ab636a0af82fa951 (diff) | |
| download | gitlab-ce-cffc28eca578a005a8e1256c2830c6e2bb9f2239.tar.gz | |
Strip before passing to addressable, otherwise it's invalid
| -rw-r--r-- | lib/banzai/filter/sanitization_filter.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb index 88b17e12576..d8c8deea628 100644 --- a/lib/banzai/filter/sanitization_filter.rb +++ b/lib/banzai/filter/sanitization_filter.rb @@ -73,8 +73,9 @@ module Banzai return unless node.has_attribute?('href') begin + node['href'] = node['href'].strip uri = Addressable::URI.parse(node['href']) - uri.scheme = uri.scheme.strip.downcase if uri.scheme + uri.scheme = uri.scheme.downcase if uri.scheme node.remove_attribute('href') if UNSAFE_PROTOCOLS.include?(uri.scheme) rescue Addressable::URI::InvalidURIError |