diff options
| author | Sean McGivern <sean@gitlab.com> | 2018-03-28 12:56:11 +0100 |
|---|---|---|
| committer | Sean McGivern <sean@gitlab.com> | 2018-03-28 14:23:47 +0100 |
| commit | 3a43cf426af6433ec8d5597da902f1081866796d (patch) | |
| tree | e41e4714d2a0b4bcc6abf20057a3b5d46448a5c8 | |
| parent | cb94afc561c08db1b2312020e9d0a3e2f5837494 (diff) | |
| download | gitlab-ce-3a43cf426af6433ec8d5597da902f1081866796d.tar.gz | |
Fix auto-linking with escaped HTML entities
We displayed the correct text as the link text (without double-encoding), but
didn't do the same for the actual link target, so any link containing an
ampersand would break when auto-linked.
| -rw-r--r-- | changelogs/unreleased/44649-reference-parsing-conflicting-with-auto-linking.yml | 5 | ||||
| -rw-r--r-- | lib/banzai/filter/autolink_filter.rb | 8 | ||||
| -rw-r--r-- | spec/lib/banzai/filter/autolink_filter_spec.rb | 9 |
3 files changed, 20 insertions, 2 deletions
diff --git a/changelogs/unreleased/44649-reference-parsing-conflicting-with-auto-linking.yml b/changelogs/unreleased/44649-reference-parsing-conflicting-with-auto-linking.yml new file mode 100644 index 00000000000..a64b0efa1ed --- /dev/null +++ b/changelogs/unreleased/44649-reference-parsing-conflicting-with-auto-linking.yml @@ -0,0 +1,5 @@ +--- +title: Fix autolinking URLs containing ampersands +merge_request: 18045 +author: +type: fixed diff --git a/lib/banzai/filter/autolink_filter.rb b/lib/banzai/filter/autolink_filter.rb index ce401c1c31c..4a143baeef6 100644 --- a/lib/banzai/filter/autolink_filter.rb +++ b/lib/banzai/filter/autolink_filter.rb @@ -105,8 +105,12 @@ module Banzai end end - options = link_options.merge(href: match) - content_tag(:a, match.html_safe, options) + dropped + # match has come from node.to_html above, so we know it's encoded + # correctly. + html_safe_match = match.html_safe + options = link_options.merge(href: html_safe_match) + + content_tag(:a, html_safe_match, options) + dropped end def autolink_filter(text) diff --git a/spec/lib/banzai/filter/autolink_filter_spec.rb b/spec/lib/banzai/filter/autolink_filter_spec.rb index cbb0089bde7..a50329473ad 100644 --- a/spec/lib/banzai/filter/autolink_filter_spec.rb +++ b/spec/lib/banzai/filter/autolink_filter_spec.rb @@ -167,6 +167,15 @@ describe Banzai::Filter::AutolinkFilter do expect(actual).to eq(expected_complicated_link) end + it 'does not double-encode HTML entities' do + encoded_link = "#{link}?foo=bar&baz=quux" + expected_encoded_link = %Q{<a href="#{encoded_link}">#{encoded_link}</a>} + actual = unescape(filter(encoded_link).to_html) + + expect(actual).to eq(Rinku.auto_link(encoded_link)) + expect(actual).to eq(expected_encoded_link) + end + it 'does not include trailing HTML entities' do doc = filter("See <<<#{link}>>>") |