diff options
author | Sean McGivern <sean@gitlab.com> | 2018-03-28 12:56:11 +0100 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2018-03-28 14:23:47 +0100 |
commit | 3a43cf426af6433ec8d5597da902f1081866796d (patch) | |
tree | e41e4714d2a0b4bcc6abf20057a3b5d46448a5c8 /lib | |
parent | cb94afc561c08db1b2312020e9d0a3e2f5837494 (diff) | |
download | gitlab-ce-3a43cf426af6433ec8d5597da902f1081866796d.tar.gz |
Fix auto-linking with escaped HTML entities
We displayed the correct text as the link text (without double-encoding), but
didn't do the same for the actual link target, so any link containing an
ampersand would break when auto-linked.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/banzai/filter/autolink_filter.rb | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/banzai/filter/autolink_filter.rb b/lib/banzai/filter/autolink_filter.rb index ce401c1c31c..4a143baeef6 100644 --- a/lib/banzai/filter/autolink_filter.rb +++ b/lib/banzai/filter/autolink_filter.rb @@ -105,8 +105,12 @@ module Banzai end end - options = link_options.merge(href: match) - content_tag(:a, match.html_safe, options) + dropped + # match has come from node.to_html above, so we know it's encoded + # correctly. + html_safe_match = match.html_safe + options = link_options.merge(href: html_safe_match) + + content_tag(:a, html_safe_match, options) + dropped end def autolink_filter(text) |