Commit 180d3440 authored by Kushal Pandya's avatar Kushal Pandya

Merge branch '35120-links-dependency-files-fix' into 'master'

Avoid client side double linking of links in blobs

Closes #35120

See merge request gitlab-org/gitlab!19464
parents 3c2abdbe 8d4a642b
// capture anything starting with http:// or https:// // capture anything starting with http:// or https:// which is not already part of a html link
// up until a disallowed character or whitespace // up until a disallowed character or whitespace
export const blobLinkRegex = /https?:\/\/[^"<>\\^`{|}\s]+/g; export const blobLinkRegex = /(?<!<a href=")https?:\/\/[^"<>\\^`{|}\s]+/g;
export default { blobLinkRegex }; export default { blobLinkRegex };
...@@ -176,15 +176,13 @@ describe('Blob viewer', () => { ...@@ -176,15 +176,13 @@ describe('Blob viewer', () => {
}); });
}); });
describe('a URL inside the blob content', () => { describe('linkifyURLs', () => {
beforeEach(() => { it('renders a plain url as a link in simple view', done => {
mock.onGet('http://test.host/snippets/1.json?viewer=simple').reply(200, { mock.onGet('http://test.host/snippets/1.json?viewer=simple').reply(200, {
html: html:
'<div class="js-blob-content"><pre class="code"><code><span class="line" lang="yaml"><span class="c1">To install gitlab-shell you also need a Go compiler version 1.8 or newer. https://golang.org/dl/</span></span></code></pre></div>', '<div class="js-blob-content"><pre class="code"><code><span class="line" lang="yaml"><span class="c1">To install gitlab-shell you also need a Go compiler version 1.8 or newer. https://golang.org/dl/</span></span></code></pre></div>',
}); });
});
it('is rendered as a link in simple view', done => {
asyncClick() asyncClick()
.then(() => { .then(() => {
expect(document.querySelector('.blob-viewer[data-type="simple"]').innerHTML).toContain( expect(document.querySelector('.blob-viewer[data-type="simple"]').innerHTML).toContain(
...@@ -197,5 +195,24 @@ describe('Blob viewer', () => { ...@@ -197,5 +195,24 @@ describe('Blob viewer', () => {
done(); done();
}); });
}); });
it('leaves an unescaped url untouched', done => {
mock.onGet('http://test.host/snippets/1.json?viewer=simple').reply(200, {
html:
'<div class="js-blob-content"><pre class="code"><code><span class="line" lang="yaml"><a href="https://golang.org/dl/">golang</a></span></span></code></pre></div>',
});
asyncClick()
.then(() => {
expect(document.querySelector('.blob-viewer[data-type="simple"]').innerHTML).toContain(
'<a href="https://golang.org/dl/">golang</a>',
);
done();
})
.catch(() => {
fail();
done();
});
});
}); });
}); });
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment