Prevent text in links from being double-escaped

Karina Kwiatek 2022-07-11 19:37:53 +02:00 committed by Karina Kwiatek
parent 272ca72d3d
commit bd5ec792b7
2 changed files with 11 additions and 1 deletions


@ -19,7 +19,8 @@ module SharedMarkers
}) })
end end
content_tag(:a, text.nil? ? link : text, options) # Marking the text content as HTML safe as <tt>content_tag</tt> already escapes it for us
content_tag(:a, text.nil? ? link : text.html_safe, options)
rescue rescue
link link
end end
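Review bot: The comment added above the `content_tag` call describes the mechanism backwards: `html_safe` does not rely on `content_tag` escaping the text, it tells `content_tag` to skip escaping, so the link text is emitted exactly as it arrives. That is only safe if `text` has already been HTML-escaped before this method is called, presumably by the Markdown renderer, which the hunk does not show. I would state that invariant in the comment, e.g. `# text is already HTML-escaped by the renderer; html_safe keeps content_tag from escaping it a second time`, and confirm that no other caller passes raw user input as `text`. The enclosing method starts outside the hunk.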


@ -22,6 +22,15 @@ describe MarkdownHelper, type: :helper do
it "should transform mentions into links" do it "should transform mentions into links" do
expect(markdown("@jake_weary")).to eq('<p><a href="/jake_weary">@jake_weary</a></p>') expect(markdown("@jake_weary")).to eq('<p><a href="/jake_weary">@jake_weary</a></p>')
end end
it "should escape text in links" do
expect(markdown("[It's a link](https://example.com)")).to eq('<p><a href="/linkfilter?url=https%3A%2F%2Fexample.com" target="_blank" rel="nofollow">It\'s a link</a></p>')
expect(markdown("[It's >a link](https://example.com)")).to eq('<p><a href="/linkfilter?url=https%3A%2F%2Fexample.com" target="_blank" rel="nofollow">It\'s &gt;a link</a></p>')
end
it "should escape HTML tags" do
expect(markdown("I'm <h1>a test</h1>")).to eq("<p>I'm &lt;h1&gt;a test&lt;/h1&gt;</p>")
end
end end
describe "#strip_markdown" do describe "#strip_markdown" do
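Review bot: The new "should escape text in links" example only covers an apostrophe and a lone `>` in the link text, which leaves the case that matters most after the `html_safe` change untested: markup inside the link text. An extra expectation such as `expect(markdown("[<b>x</b>](https://example.com)")).to include("&lt;b&gt;x&lt;/b&gt;")` would pin that tags in link text stay escaped; the exact output is inferred from the neighbouring "should escape HTML tags" example and should be checked against the renderer. Cases for `&` and `"` in link text would round this out. The surrounding `describe` block starts outside the hunk.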