Commit 0ebe4191 authored by Kushal Pandya's avatar Kushal Pandya

Add `sanitize_name` helper to sanitize URLs in user full name

parent 7a10ef6e
...@@ -36,6 +36,14 @@ module EmailsHelper ...@@ -36,6 +36,14 @@ module EmailsHelper
nil nil
end end
def sanitize_name(name)
if name =~ URI::DEFAULT_PARSER.regexp[:URI_REF]
name.tr('.', '_')
else
name
end
end
def password_reset_token_valid_time def password_reset_token_valid_time
valid_hours = Devise.reset_password_within / 60 / 60 valid_hours = Devise.reset_password_within / 60 / 60
if valid_hours >= 24 if valid_hours >= 24
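Review bot: The guard on the `if name =~ URI::DEFAULT_PARSER.regexp[:URI_REF]` line appears to be dead: in Ruby's RFC2396 parser the `:URI_REF` regexp is built without `\A`/`\z` anchors and every component of it is optional, so `=~` matches at offset 0 for any string (including `'Foo Bar'`) and the method is effectively an unconditional `name.tr('.', '_')`, turning a legitimate name such as `John Q. Public` into `John Q_ Public` in every mail. If that is acceptable, drop the conditional and document it, e.g. `# Replace dots unconditionally so mail clients do not auto-link a name that looks like a URL`; if only URL-looking names should be rewritten, the anchored `regexp[:ABS_URI]` / `regexp[:REL_URI]` patterns are closer to the intent, though they do not admit the `#fragment` the spec exercises. In either case prefer `match?` over `=~`, which allocates a `MatchData` that is never read. Note also that `:URI_REF` is a key specific to the RFC2396 parser; should `URI::DEFAULT_PARSER` ever be the RFC3986 parser, the lookup returns nil and `=~` raises.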
require 'spec_helper' require 'spec_helper'
describe EmailsHelper do describe EmailsHelper do
describe 'sanitize_name' do
context 'when name contains a valid URL string' do
it 'returns name with `.` replaced with `_` to prevent mail clients from auto-linking URLs' do
expect(sanitize_name('https://about.gitlab.com')).to eq('https://about_gitlab_com')
expect(sanitize_name('www.gitlab.com')).to eq('www_gitlab_com')
expect(sanitize_name('//about.gitlab.com/handbook/security/#best-practices')).to eq('//about_gitlab_com/handbook/security/#best-practices')
end
it 'returns name as it is when it does not contain a URL' do
expect(sanitize_name('Foo Bar')).to eq('Foo Bar')
end
end
end
describe 'password_reset_token_valid_time' do describe 'password_reset_token_valid_time' do
def validate_time_string(time_limit, expected_string) def validate_time_string(time_limit, expected_string)
Devise.reset_password_within = time_limit Devise.reset_password_within = time_limit
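Review bot: The "returns name as it is" example at `expect(sanitize_name('Foo Bar')).to eq('Foo Bar')` cannot distinguish the guard from an unconditional `tr`, because the input contains no `.` to replace; the non-URL case needs a dotted name, e.g. `expect(sanitize_name('John Q. Public')).to eq('John Q. Public')`. As far as I can tell that assertion fails against the helper as written, since the unanchored `:URI_REF` regexp matches any string, which is exactly the gap this spec should expose. That example also sits inside the `context 'when name contains a valid URL string'` block, which it contradicts; give it its own context. An empty-string example would pin down the edge behaviour as well.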