author | Brett Walker <bwalker@gitlab.com> | 2019-02-04 10:23:27 -0600 |
---|---|---|
committer | Brett Walker <bwalker@gitlab.com> | 2019-02-22 12:13:11 -0600 |
commit | e399fb69f9188c6bfd46088cd3732f8fae0a3a90 (patch) | |
tree | 2afa21be1b54618e8148caf11ec02227bcfc6c47 | |
parent | c5b5b18b3f1c5b683ceb4471e667d675de9200eb (diff) | |
download | gitlab-ce-e399fb69f9188c6bfd46088cd3732f8fae0a3a90.tar.gz |
Catch possible Addressable::URI::InvalidURIError
-rw-r--r-- | changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml | 5 | ||||
-rw-r--r-- | lib/banzai/filter/autolink_filter.rb | 6 | ||||
-rw-r--r-- | spec/lib/banzai/filter/autolink_filter_spec.rb | 7 |
3 files changed, 17 insertions, 1 deletions
diff --git a/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml b/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml
new file mode 100644
index 00000000000..3dcb3e9eb4b
--- /dev/null
+++ b/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml
@@ -0,0 +1,5 @@
+---
+title: Fix potential Addressable::URI::InvalidURIError
+merge_request:
+author:
+type: security
diff --git a/lib/banzai/filter/autolink_filter.rb b/lib/banzai/filter/autolink_filter.rb
index f3061bad4ff..086adf59d2b 100644
--- a/lib/banzai/filter/autolink_filter.rb
+++ b/lib/banzai/filter/autolink_filter.rb
@@ -114,7 +114,11 @@ module Banzai
 # Since this came from a Text node, make sure the new href is encoded.
 # `commonmarker` percent encodes the domains of links it handles, so
 # do the same (instead of using `normalized_encode`).
- href_safe = Addressable::URI.encode(match).html_safe
+ begin
+ href_safe = Addressable::URI.encode(match).html_safe
+ rescue Addressable::URI::InvalidURIError
+ return uri.to_s
+ end
 html_safe_match = match.html_safe
 options = link_options.merge(href: href_safe)
diff --git a/spec/lib/banzai/filter/autolink_filter_spec.rb b/spec/lib/banzai/filter/autolink_filter_spec.rb
index 6217381c491..4972c4b4bd2 100644
--- a/spec/lib/banzai/filter/autolink_filter_spec.rb
+++ b/spec/lib/banzai/filter/autolink_filter_spec.rb
@@ -121,6 +121,13 @@ describe Banzai::Filter::AutolinkFilter do
 expect(doc.to_s).to eq("See #{link}")
 end
+ it 'does not autolink bad URLs after we remove trailing punctuation' do
+ link = 'http://]'
+ doc = filter("See #{link}")
+
+ expect(doc.to_s).to eq("See #{link}")
+ end
+
 it 'does not include trailing punctuation' do
 ['.', ', ok?', '...', '?', '!', ': is that ok?'].each do |trailing_punctuation|
 doc = filter("See #{link}#{trailing_punctuation}")  |
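Review bot: The new `rescue` branch in lib/banzai/filter/autolink_filter.rb returns `uri.to_s`, but `uri` is assigned outside this hunk, so it cannot be checked here whether that string is the original matched text or a re-serialised form of it. It is also not visible whether the caller treats this method's return value as already-escaped HTML; since the input is user-authored text, it is worth confirming that this early return gets the same escaping as any other unlinked return path. If `uri` was parsed before `match` was trimmed, a comment above the `begin` would record the intent, e.g. `# match may stop being a valid URI once trailing characters are stripped; emit the original text unlinked`. The enclosing method starts and ends outside the hunk.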