diff options
| author | Brett Walker <bwalker@gitlab.com> | 2019-02-04 10:23:27 -0600 |
|---|---|---|
| committer | Brett Walker <bwalker@gitlab.com> | 2019-02-22 17:55:00 -0600 |
| commit | c360384ce6f87fb0b6be0771b9f1d957e4fe3b0f (patch) | |
| tree | 5b4afd94555ae0de11723465c12a577dd0bfa78d | |
| parent | c46c62c51316da73724848b5f0dcb5aba82475e2 (diff) | |
| download | gitlab-ce-c360384ce6f87fb0b6be0771b9f1d957e4fe3b0f.tar.gz | |
Catch possible Addressable::URI::InvalidURIError
| -rw-r--r-- | changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml | 5 | ||||
| -rw-r--r-- | lib/banzai/filter/autolink_filter.rb | 6 | ||||
| -rw-r--r-- | spec/lib/banzai/filter/autolink_filter_spec.rb | 7 |
3 files changed, 17 insertions, 1 deletions
diff --git a/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml b/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml new file mode 100644 index 00000000000..3dcb3e9eb4b --- /dev/null +++ b/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml @@ -0,0 +1,5 @@ +--- +title: Fix potential Addressable::URI::InvalidURIError +merge_request: +author: +type: security diff --git a/lib/banzai/filter/autolink_filter.rb b/lib/banzai/filter/autolink_filter.rb index f3061bad4ff..086adf59d2b 100644 --- a/lib/banzai/filter/autolink_filter.rb +++ b/lib/banzai/filter/autolink_filter.rb @@ -114,7 +114,11 @@ module Banzai # Since this came from a Text node, make sure the new href is encoded. # `commonmarker` percent encodes the domains of links it handles, so # do the same (instead of using `normalized_encode`). - href_safe = Addressable::URI.encode(match).html_safe + begin + href_safe = Addressable::URI.encode(match).html_safe + rescue Addressable::URI::InvalidURIError + return uri.to_s + end html_safe_match = match.html_safe options = link_options.merge(href: href_safe) diff --git a/spec/lib/banzai/filter/autolink_filter_spec.rb b/spec/lib/banzai/filter/autolink_filter_spec.rb index 6217381c491..4972c4b4bd2 100644 --- a/spec/lib/banzai/filter/autolink_filter_spec.rb +++ b/spec/lib/banzai/filter/autolink_filter_spec.rb @@ -121,6 +121,13 @@ describe Banzai::Filter::AutolinkFilter do expect(doc.to_s).to eq("See #{link}") end + it 'does not autolink bad URLs after we remove trailing punctuation' do + link = 'http://]' + doc = filter("See #{link}") + + expect(doc.to_s).to eq("See #{link}") + end + it 'does not include trailing punctuation' do ['.', ', ok?', '...', '?', '!', ': is that ok?'].each do |trailing_punctuation| doc = filter("See #{link}#{trailing_punctuation}") |