summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorSean McGivern <sean@gitlab.com>2018-03-28 12:56:11 +0100
committerSean McGivern <sean@gitlab.com>2018-03-28 14:23:47 +0100
commit3a43cf426af6433ec8d5597da902f1081866796d (patch)
treee41e4714d2a0b4bcc6abf20057a3b5d46448a5c8 /lib
parentcb94afc561c08db1b2312020e9d0a3e2f5837494 (diff)
downloadgitlab-ce-3a43cf426af6433ec8d5597da902f1081866796d.tar.gz
Fix auto-linking with escaped HTML entities
We displayed the correct text as the link text (without double-encoding), but didn't do the same for the actual link target, so any link containing an ampersand would break when auto-linked.
Diffstat (limited to 'lib')
-rw-r--r--lib/banzai/filter/autolink_filter.rb8
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/banzai/filter/autolink_filter.rb b/lib/banzai/filter/autolink_filter.rb
index ce401c1c31c..4a143baeef6 100644
--- a/lib/banzai/filter/autolink_filter.rb
+++ b/lib/banzai/filter/autolink_filter.rb
@@ -105,8 +105,12 @@ module Banzai
end
end
- options = link_options.merge(href: match)
- content_tag(:a, match.html_safe, options) + dropped
+ # match has come from node.to_html above, so we know it's encoded
+ # correctly.
+ html_safe_match = match.html_safe
+ options = link_options.merge(href: html_safe_match)
+
+ content_tag(:a, html_safe_match, options) + dropped
end
def autolink_filter(text)