diff options
| author | winniehell <git@winniehell.de> | 2016-08-05 01:22:50 +0200 |
|---|---|---|
| committer | winniehell <git@winniehell.de> | 2016-08-05 01:30:59 +0200 |
| commit | b791dcc05b379a64c1370bc4be8d0aac60b9c31b (patch) | |
| tree | ae979dd569d88c8921799e6f9854e51abf90d8cb /lib/banzai | |
| parent | c9e15be9ab37f2e209d6f51a19fb0e0e11f17db9 (diff) | |
| download | gitlab-ce-b791dcc05b379a64c1370bc4be8d0aac60b9c31b.tar.gz | |
Ignore URLs starting with // (!5677)
Diffstat (limited to 'lib/banzai')
| -rw-r--r-- | lib/banzai/filter/relative_link_filter.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/banzai/filter/relative_link_filter.rb b/lib/banzai/filter/relative_link_filter.rb index 5b73fc8fcee..46762d401fb 100644 --- a/lib/banzai/filter/relative_link_filter.rb +++ b/lib/banzai/filter/relative_link_filter.rb @@ -35,6 +35,7 @@ module Banzai def process_link_attr(html_attr) return if html_attr.blank? + return if html_attr.value.start_with?('//') uri = URI(html_attr.value) if uri.relative? && uri.path.present? @@ -92,7 +93,7 @@ module Banzai parts = request_path.split('/') parts.pop if uri_type(request_path) != :tree - path.sub!(%r{^\./}, '') + path.sub!(%r{\A\./}, '') while path.start_with?('../') parts.pop |