berserker
/
microblog
2
0
Fork 1
Code Issues 12 Pull Requests Projects Releases Wiki Activity

Fix sanitizer parsing link text as HTML when stripping unsupported links (#22558)

Browse Source
local
Claire 1 year ago committed by GitHub
parent 0c689b9d01
commit 15b88a83ab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      lib/sanitize_ext/sanitize_config.rb
  2. 4
      spec/lib/sanitize_config_spec.rb

2
lib/sanitize_ext/sanitize_config.rb
Unescape View File

@ -49,7 +49,7 @@ class Sanitize
end
end
current_node.replace(current_node.text) unless LINK_PROTOCOLS.include?(scheme)
current_node.replace(Nokogiri::XML::Text.new(current_node.text, current_node.document)) unless LINK_PROTOCOLS.include?(scheme)
end
UNSUPPORTED_ELEMENTS_TRANSFORMER = lambda do |env|

4
spec/lib/sanitize_config_spec.rb
Unescape View File

@ -38,6 +38,10 @@ describe Sanitize::Config do
expect(Sanitize.fragment('<a href="foo://bar">Test</a>', subject)).to eq 'Test'
end
it 'does not re-interpret HTML when removing unsupported links' do
expect(Sanitize.fragment('<a href="foo://bar">Test&lt;a href="https://example.com"&gt;test&lt;/a&gt;</a>', subject)).to eq 'Test&lt;a href="https://example.com"&gt;test&lt;/a&gt;'
end
it 'keeps a with href' do
expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
end

Write Preview
Loading…
Cancel
Save