Fix auto-linking with escaped HTML entities

We displayed the correct text as the link text (without double-encoding), but didn't do the same for the actual link target, so any link containing an ampersand would break when auto-linked.
author: Sean McGivern <sean@gitlab.com> 2018-03-28 12:56:11 +0100
committer: Sean McGivern <sean@gitlab.com> 2018-03-28 14:23:47 +0100
commit: 3a43cf426af6433ec8d5597da902f1081866796d (patch)
tree: e41e4714d2a0b4bcc6abf20057a3b5d46448a5c8 /lib/banzai/filter/autolink_filter.rb
parent: cb94afc561c08db1b2312020e9d0a3e2f5837494 (diff)
download: gitlab-ce-3a43cf426af6433ec8d5597da902f1081866796d.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/banzai/filter/autolink_filter.rb b/lib/banzai/filter/autolink_filter.rb
index ce401c1c31c..4a143baeef6 100644
--- a/lib/banzai/filter/autolink_filter.rb
+++ b/lib/banzai/filter/autolink_filter.rb
@@ -105,8 +105,12 @@ module Banzai
           end
         end
 
-        options = link_options.merge(href: match)
-        content_tag(:a, match.html_safe, options) + dropped
+        # match has come from node.to_html above, so we know it's encoded
+        # correctly.
+        html_safe_match = match.html_safe
+        options = link_options.merge(href: html_safe_match)
+
+        content_tag(:a, html_safe_match, options) + dropped
       end
 
       def autolink_filter(text)
author	Sean McGivern <sean@gitlab.com>	2018-03-28 12:56:11 +0100
committer	Sean McGivern <sean@gitlab.com>	2018-03-28 14:23:47 +0100
commit	3a43cf426af6433ec8d5597da902f1081866796d (patch)
tree	e41e4714d2a0b4bcc6abf20057a3b5d46448a5c8 /lib/banzai/filter/autolink_filter.rb
parent	cb94afc561c08db1b2312020e9d0a3e2f5837494 (diff)
download	gitlab-ce-3a43cf426af6433ec8d5597da902f1081866796d.tar.gz