author | Stan Hu <stanhu@gmail.com> | 2016-05-07 10:56:08 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2016-05-09 12:47:53 -0700 |
commit | 849cc380d8f2ed895bde11c01987e6633bc3d567 (patch) | |
tree | 76de46e4b15969b09b3fa235642e160203a0a112 /lib | |
parent | 93b4a3a1561839f42b03755b071296b926f6e7a5 (diff) | |
download | gitlab-ce-849cc380d8f2ed895bde11c01987e6633bc3d567.tar.gz |
Use a case-insensitive comparison in sanitizing URI schemes
Closes #1625
Diffstat (limited to 'lib')
-rw-r--r-- | lib/banzai/filter/sanitization_filter.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb
index 42dbab9d27e..ca80aac5a08 100644
--- a/lib/banzai/filter/sanitization_filter.rb
+++ b/lib/banzai/filter/sanitization_filter.rb
@@ -63,7 +63,7 @@ module Banzai
 begin
 uri = Addressable::URI.parse(node['href'])
- uri.scheme.strip! if uri.scheme
+ uri.scheme = uri.scheme.strip.downcase if uri.scheme
 node.remove_attribute('href') if UNSAFE_PROTOCOLS.include?(uri.scheme)
 rescue Addressable::URI::InvalidURIError |
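Review bot: The `UNSAFE_PROTOCOLS.include?(uri.scheme)` lookup remains a denylist match that is only as reliable as the normalization on the added line, so that dependency should be stated in a comment such as `# Browsers match URI schemes case-insensitively; normalize before the UNSAFE_PROTOCOLS lookup`, and an allowlist of permitted schemes would be the more robust long-term shape. Assigning through `uri.scheme =` mutates the parsed URI only for the sake of the lookup; a local such as `scheme = uri.scheme.to_s.strip.downcase`, followed by `UNSAFE_PROTOCOLS.include?(scheme)`, would express the same check without going through the setter, whose handling of unusual values is not visible here. The `begin`/`rescue` block starts and ends outside the hunk, so what the rescue branch does with the `href` cannot be confirmed from these lines. The diffstat is limited to 'lib', so it is worth confirming that a regression spec for a mixed-case scheme accompanies the change.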