summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobert Speicher <robert@gitlab.com>2017-12-25 18:24:59 +0000
committerRobert Speicher <robert@gitlab.com>2017-12-25 18:24:59 +0000
commit29749f92b7f86d45af41509262601e47ee848d92 (patch)
tree3b01637c6c32ff6dde676918eb3db900084b5a99
parent5e6dd15a996f57d7a8760f4c9c1dbd7beeeaadff (diff)
parent0faf772b6cfd691e16d529051a8901627a660a7a (diff)
downloadgitlab-ce-29749f92b7f86d45af41509262601e47ee848d92.tar.gz
Merge branch 'sh-catch-invalid-uri-markdown' into 'master'
Gracefully handle garbled URIs in Markdown Closes #41442 See merge request gitlab-org/gitlab-ce!16123
-rw-r--r--changelogs/unreleased/sh-catch-invalid-uri-markdown.yml5
-rw-r--r--lib/banzai/filter/relative_link_filter.rb2
-rw-r--r--spec/lib/banzai/filter/relative_link_filter_spec.rb5
3 files changed, 11 insertions, 1 deletions
diff --git a/changelogs/unreleased/sh-catch-invalid-uri-markdown.yml b/changelogs/unreleased/sh-catch-invalid-uri-markdown.yml
new file mode 100644
index 00000000000..9b0233fe988
--- /dev/null
+++ b/changelogs/unreleased/sh-catch-invalid-uri-markdown.yml
@@ -0,0 +1,5 @@
+---
+title: Gracefully handle garbled URIs in Markdown
+merge_request:
+author:
+type: fixed
diff --git a/lib/banzai/filter/relative_link_filter.rb b/lib/banzai/filter/relative_link_filter.rb
index c1f933ec54b..5c197afd782 100644
--- a/lib/banzai/filter/relative_link_filter.rb
+++ b/lib/banzai/filter/relative_link_filter.rb
@@ -66,7 +66,7 @@ module Banzai
if uri.relative? && uri.path.present?
html_attr.value = rebuild_relative_uri(uri).to_s
end
- rescue URI::Error
+ rescue URI::Error, Addressable::URI::InvalidURIError
# noop
end
diff --git a/spec/lib/banzai/filter/relative_link_filter_spec.rb b/spec/lib/banzai/filter/relative_link_filter_spec.rb
index ef306f1cd4a..f38f0776303 100644
--- a/spec/lib/banzai/filter/relative_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/relative_link_filter_spec.rb
@@ -76,6 +76,11 @@ describe Banzai::Filter::RelativeLinkFilter do
expect { filter(act) }.not_to raise_error
end
+ it 'does not raise an exception with a garbled path' do
+ act = link("open(/var/tmp/):%20/location%0Afrom:%20/test")
+ expect { filter(act) }.not_to raise_error
+ end
+
it 'ignores ref if commit is passed' do
doc = filter(link('non/existent.file'), commit: project.commit('empty-branch') )
expect(doc.at_css('a')['href'])