Fix issue with non-ASCII wiki TOC links

Resolves #26210

Updates the TableOfContentsFilter to escape non-ASCII fragments so that
they don't cause the ExternalLinkFilter to inadvertently mark those
links with target="_blank" (due to the fact the ExternalLinkFilter
treats all links as external by default and it uses of URI.parse to
check URL validity).

changelogs/unreleased/26210-toc-links.yml

+---
+title: Fix issue with wiki TOC links being treated as external links
+merge_request:
+author: Oren Kanner
+type: fixed

lib/banzai/filter/table_of_contents_filter.rb

@@ -56,7 +56,8 @@ module Banzai
       private
 
       def anchor_tag(href)
-        %Q{<a id="user-content-#{href}" class="anchor" href="##{href}" aria-hidden="true"></a>}
+        escaped_href = CGI.escape(href) # account for non-ASCII characters
+        %Q{<a id="user-content-#{href}" class="anchor" href="##{escaped_href}" aria-hidden="true"></a>}
       end
 
       def push_toc(children, root: false)
@@ -80,7 +81,7 @@ module Banzai
 
         def initialize(node: nil, href: nil, previous_header: nil)
           @node = node
-          @href = href
+          @href = CGI.escape(href) if href
           @children = []
 
           @parent = find_parent(previous_header)

spec/lib/banzai/filter/table_of_contents_filter_spec.rb

@@ -82,7 +82,9 @@ describe Banzai::Filter::TableOfContentsFilter do
       it 'supports Unicode' do
         doc = filter(header(1, '한글'))
         expect(doc.css('h1 a').first.attr('id')).to eq 'user-content-한글'
-        expect(doc.css('h1 a').first.attr('href')).to eq '#한글'
+        # check that we encode the href to avoid issues with the
+        # ExternalLinkFilter (see https://gitlab.com/gitlab-org/gitlab/issues/26210)
+        expect(doc.css('h1 a').first.attr('href')).to eq "##{CGI.escape('한글')}"
       end
     end
   end