Avoid client side double linking of links in blobs

Adjust regex to ignore links which are part of a html link Fixes #35120

Avoid client side double linking of links in blobs
Adjust regex to ignore links which are part of a html link Fixes #35120
8d4a642b · Jan Beckmann · Kushal Pandya · 3c2abdbe · 8d4a642b · 8d4a642b
Commit 8d4a642b authored Nov 08, 2019 by Jan Beckmann Committed by Kushal Pandya Nov 08, 2019
Showing with 23 additions and 6 deletions

app/assets/javascripts/blob/blob_utils.js app/assets/javascripts/blob/blob_utils.js +2 -2

spec/javascripts/blob/viewer/index_spec.js spec/javascripts/blob/viewer/index_spec.js +21 -4

No files found.
--- a/app/assets/javascripts/blob/blob_utils.js
+++ b/app/assets/javascripts/blob/blob_utils.js
-// capture anything starting with http:// or https://
+// capture anything starting with http:// or https:// which is not already part of a html link
 // up until a disallowed character or whitespace
-export const blobLinkRegex = /https?:\/\/[^"<>\\^`{|}\s]+/g;
+export const blobLinkRegex = /(?<!<a href=")https?:\/\/[^"<>\\^`{|}\s]+/g;

 export default { blobLinkRegex };
--- a/spec/javascripts/blob/viewer/index_spec.js
+++ b/spec/javascripts/blob/viewer/index_spec.js
@@ -176,15 +176,13 @@ describe('Blob viewer', () => {
    });
  });

-  describe('a URL inside the blob content', () => {
-    beforeEach(() => {
+  describe('linkifyURLs', () => {
+    it('renders a plain url as a link in simple view', done => {
      mock.onGet('http://test.host/snippets/1.json?viewer=simple').reply(200, {
        html:
          '<div class="js-blob-content"><pre class="code"><code><span class="line" lang="yaml"><span class="c1">To install gitlab-shell you also need a Go compiler version 1.8 or newer. https://golang.org/dl/</span></span></code></pre></div>',
      });
-    });

-    it('is rendered as a link in simple view', done => {
      asyncClick()
        .then(() => {
          expect(document.querySelector('.blob-viewer[data-type="simple"]').innerHTML).toContain(
@@ -197,5 +195,24 @@ describe('Blob viewer', () => {
          done();
        });
    });
+
+    it('leaves an unescaped url untouched', done => {
+      mock.onGet('http://test.host/snippets/1.json?viewer=simple').reply(200, {
+        html:
+          '<div class="js-blob-content"><pre class="code"><code><span class="line" lang="yaml"><a href="https://golang.org/dl/">golang</a></span></span></code></pre></div>',
+      });
+
+      asyncClick()
+        .then(() => {
+          expect(document.querySelector('.blob-viewer[data-type="simple"]').innerHTML).toContain(
+            '<a href="https://golang.org/dl/">golang</a>',
+          );
+          done();
+        })
+        .catch(() => {
+          fail();
+          done();
+        });
+    });
  });
 });