Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Tatuya Kamada
gitlab-ce
Commits
2289ee1c
Commit
2289ee1c
authored
Oct 21, 2016
by
Stan Hu
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Revert "Merge branch 'markdown-xss-fix-option-2' into 'security'
This reverts commit
eb54c711
.
parent
1a7926ca
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
0 additions
and
35 deletions
+0
-35
lib/banzai/filter/autolink_filter.rb
lib/banzai/filter/autolink_filter.rb
+0
-13
spec/lib/banzai/filter/autolink_filter_spec.rb
spec/lib/banzai/filter/autolink_filter_spec.rb
+0
-22
No files found.
lib/banzai/filter/autolink_filter.rb
View file @
2289ee1c
...
...
@@ -71,11 +71,6 @@ module Banzai
@doc
=
parse_html
(
rinku
)
end
# Return true if any of the UNSAFE_PROTOCOLS strings are included in the URI scheme
def
contains_unsafe?
(
scheme
)
Banzai
::
Filter
::
SanitizationFilter
::
UNSAFE_PROTOCOLS
.
any?
{
|
protocol
|
scheme
.
include?
(
protocol
)
}
end
# Autolinks any text matching LINK_PATTERN that Rinku didn't already
# replace
def
text_parse
...
...
@@ -84,14 +79,6 @@ module Banzai
next
unless
content
.
match
(
LINK_PATTERN
)
begin
uri
=
Addressable
::
URI
.
parse
(
content
)
uri
.
scheme
=
uri
.
scheme
.
strip
.
downcase
if
uri
.
scheme
next
if
contains_unsafe?
(
uri
.
scheme
)
rescue
Addressable
::
URI
::
InvalidURIError
next
end
html
=
autolink_filter
(
content
)
next
if
html
==
content
...
...
spec/lib/banzai/filter/autolink_filter_spec.rb
View file @
2289ee1c
...
...
@@ -99,28 +99,6 @@ describe Banzai::Filter::AutolinkFilter, lib: true do
expect
(
doc
.
at_css
(
'a'
)[
'href'
]).
to
eq
link
end
it
'autolinks rdar'
do
link
=
'rdar://localhost.com/blah'
doc
=
filter
(
"See
#{
link
}
"
)
expect
(
doc
.
at_css
(
'a'
).
text
).
to
eq
link
expect
(
doc
.
at_css
(
'a'
)[
'href'
]).
to
eq
link
end
it
'does not autolink javascript'
do
link
=
'javascript://alert(document.cookie);'
doc
=
filter
(
"See
#{
link
}
"
)
expect
(
doc
.
to_s
).
not_to
include
(
'href="javascript://'
)
end
it
'does not autolink bad URLs'
do
link
=
'foo://23423:::asdf'
doc
=
filter
(
"See
#{
link
}
"
)
expect
(
doc
.
to_s
).
to
eq
(
"See
#{
link
}
"
)
end
it
'does not include trailing punctuation'
do
doc
=
filter
(
"See
#{
link
}
."
)
expect
(
doc
.
at_css
(
'a'
).
text
).
to
eq
link
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment