diff options
author | Rémy Coutable <remy@rymai.me> | 2016-12-21 18:47:53 +0000 |
---|---|---|
committer | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-12-21 19:34:03 -0200 |
commit | e9f7a26bba75a4bfa91d85cab3595e4478219500 (patch) | |
tree | 7cf76a4cc1264ab37550b4a56e1f81bf29ffbf34 | |
parent | 3d74268b26aab9f9be983f54e6bc39ad60710968 (diff) | |
download | gitlab-ce-e9f7a26bba75a4bfa91d85cab3595e4478219500.tar.gz |
Merge branch '22742-filter-protocol-relative-urls' into 'master'
Filter protocol-relative URLs in ExternalLinkFilter. Fixes issue #22742.
Closes #22742
See merge request !6635
-rw-r--r-- | changelogs/unreleased/22742-filter-protocol-relative-urls.yml | 4 | ||||
-rw-r--r-- | lib/banzai/filter/external_link_filter.rb | 2 | ||||
-rw-r--r-- | spec/lib/banzai/filter/external_link_filter_spec.rb | 14 |
3 files changed, 19 insertions, 1 deletions
diff --git a/changelogs/unreleased/22742-filter-protocol-relative-urls.yml b/changelogs/unreleased/22742-filter-protocol-relative-urls.yml new file mode 100644 index 00000000000..b331f5a4eb5 --- /dev/null +++ b/changelogs/unreleased/22742-filter-protocol-relative-urls.yml @@ -0,0 +1,4 @@ +--- +title: 'Filter protocol-relative URLs in ExternalLinkFilter. Fixes issue #22742' +merge_request: 6635 +author: Makoto Scott-Hinkle diff --git a/lib/banzai/filter/external_link_filter.rb b/lib/banzai/filter/external_link_filter.rb index 2f19b59e725..d67d466bce8 100644 --- a/lib/banzai/filter/external_link_filter.rb +++ b/lib/banzai/filter/external_link_filter.rb @@ -10,7 +10,7 @@ module Banzai node.set_attribute('href', href) end - if href =~ /\Ahttp(s)?:\/\// && external_url?(href) + if href =~ %r{\A(https?:)?//[^/]} && external_url?(href) node.set_attribute('rel', 'nofollow noreferrer') node.set_attribute('target', '_blank') end diff --git a/spec/lib/banzai/filter/external_link_filter_spec.rb b/spec/lib/banzai/filter/external_link_filter_spec.rb index 167397c736b..d9e4525cb28 100644 --- a/spec/lib/banzai/filter/external_link_filter_spec.rb +++ b/spec/lib/banzai/filter/external_link_filter_spec.rb @@ -80,4 +80,18 @@ describe Banzai::Filter::ExternalLinkFilter, lib: true do expect(filter(act).to_html).to eq(exp) end end + + context 'for protocol-relative links' do + let(:doc) { filter %q(<p><a href="//google.com/">Google</a></p>) } + + it 'adds rel="nofollow" to external links' do + expect(doc.at_css('a')).to have_attribute('rel') + expect(doc.at_css('a')['rel']).to include 'nofollow' + end + + it 'adds rel="noreferrer" to external links' do + expect(doc.at_css('a')).to have_attribute('rel') + expect(doc.at_css('a')['rel']).to include 'noreferrer' + end + end end |