Gracefully handle garbled URIs in Markdown

There are certain inputs that look like valid URIs that are accepted by URI but not Addressable::URI. Handle the case where the latter fails. Closes #41442

Gracefully handle garbled URIs in Markdown
There are certain inputs that look like valid URIs that are accepted by URI but not Addressable::URI. Handle the case where the latter fails. Closes #41442
0faf772b · Stan Hu · 46be07d2 · 0faf772b · 0faf772b · 0faf772b
Commit 0faf772b authored Dec 22, 2017 by Stan Hu
3 changed files
--- a/changelogs/unreleased/sh-catch-invalid-uri-markdown.yml
+++ b/changelogs/unreleased/sh-catch-invalid-uri-markdown.yml
+---
+title: Gracefully handle garbled URIs in Markdown
+merge_request:
+author:
+type: fixed
--- a/lib/banzai/filter/relative_link_filter.rb
+++ b/lib/banzai/filter/relative_link_filter.rb
@@ -66,7 +66,7 @@ module Banzai
        if uri.relative? && uri.path.present?
          html_attr.value = rebuild_relative_uri(uri).to_s
        end
-      rescue URI::Error
+      rescue URI::Error, Addressable::URI::InvalidURIError
        # noop
      end

--- a/spec/lib/banzai/filter/relative_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/relative_link_filter_spec.rb
@@ -76,6 +76,11 @@ describe Banzai::Filter::RelativeLinkFilter do
    expect { filter(act) }.not_to raise_error
  end
+  it 'does not raise an exception with a garbled path' do
+    act = link("open(/var/tmp/):%20/location%0Afrom:%20/test")
+    expect { filter(act) }.not_to raise_error
+  end
  it 'ignores ref if commit is passed' do
    doc = filter(link('non/existent.file'), commit: project.commit('empty-branch') )
    expect(doc.at_css('a')['href'])