Gracefully handle invalid UTF-8 sequences in Markdown links

Closes #6077

Gracefully handle invalid UTF-8 sequences in Markdown links
Closes #6077
a10ab94b · Stan Hu · f8f96994 · a10ab94b · a10ab94b
Commit a10ab94b authored Jan 13, 2016 by Stan Hu
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

CHANGELOG CHANGELOG +1 -0

lib/banzai/filter/reference_filter.rb lib/banzai/filter/reference_filter.rb +2 -0

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,7 @@ v 8.4.0 (unreleased)
  - Autocomplete data is now always loaded, instead of when focusing a comment text area
  - Improved performance of finding issues for an entire group
  - Added custom application performance measuring system powered by InfluxDB
+  - Gracefully handle invalid UTF-8 sequences in Markdown links (Stan Hu)
  - Bump fog to 1.36.0 (Stan Hu)
  - Add user's last used IP addresses to admin page (Stan Hu)
  - Add housekeeping function to project settings page

--- a/lib/banzai/filter/reference_filter.rb
+++ b/lib/banzai/filter/reference_filter.rb
@@ -133,6 +133,7 @@ module Banzai
          next unless link && text

          link = CGI.unescape(link)
+          next unless link.force_encoding('UTF-8').valid_encoding?
          # Ignore ending punctionation like periods or commas
          next unless link == text && text =~ /\A#{pattern}/

@@ -170,6 +171,7 @@ module Banzai

          next unless link && text
          link = CGI.unescape(link)
+          next unless link.force_encoding('UTF-8').valid_encoding?
          next unless link && link =~ /\A#{pattern}\z/

          html = yield link, text