From 0faf772b6cfd691e16d529051a8901627a660a7a Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Fri, 22 Dec 2017 23:19:57 -0800 Subject: Gracefully handle garbled URIs in Markdown There are certain inputs that look like valid URIs that are accepted by URI but not Addressable::URI. Handle the case where the latter fails. Closes #41442 --- changelogs/unreleased/sh-catch-invalid-uri-markdown.yml | 5 +++++ lib/banzai/filter/relative_link_filter.rb | 2 +- spec/lib/banzai/filter/relative_link_filter_spec.rb | 5 +++++ 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 changelogs/unreleased/sh-catch-invalid-uri-markdown.yml diff --git a/changelogs/unreleased/sh-catch-invalid-uri-markdown.yml b/changelogs/unreleased/sh-catch-invalid-uri-markdown.yml new file mode 100644 index 00000000000..9b0233fe988 --- /dev/null +++ b/changelogs/unreleased/sh-catch-invalid-uri-markdown.yml @@ -0,0 +1,5 @@ +--- +title: Gracefully handle garbled URIs in Markdown +merge_request: +author: +type: fixed diff --git a/lib/banzai/filter/relative_link_filter.rb b/lib/banzai/filter/relative_link_filter.rb index c1f933ec54b..5c197afd782 100644 --- a/lib/banzai/filter/relative_link_filter.rb +++ b/lib/banzai/filter/relative_link_filter.rb @@ -66,7 +66,7 @@ module Banzai if uri.relative? && uri.path.present? html_attr.value = rebuild_relative_uri(uri).to_s end - rescue URI::Error + rescue URI::Error, Addressable::URI::InvalidURIError # noop end diff --git a/spec/lib/banzai/filter/relative_link_filter_spec.rb b/spec/lib/banzai/filter/relative_link_filter_spec.rb index ef306f1cd4a..f38f0776303 100644 --- a/spec/lib/banzai/filter/relative_link_filter_spec.rb +++ b/spec/lib/banzai/filter/relative_link_filter_spec.rb @@ -76,6 +76,11 @@ describe Banzai::Filter::RelativeLinkFilter do expect { filter(act) }.not_to raise_error end + it 'does not raise an exception with a garbled path' do + act = link("open(/var/tmp/):%20/location%0Afrom:%20/test") + expect { filter(act) }.not_to raise_error + end + it 'ignores ref if commit is passed' do doc = filter(link('non/existent.file'), commit: project.commit('empty-branch') ) expect(doc.at_css('a')['href']) -- cgit v1.2.1