Filter protocol-relative URLs in ExternalLinkFilter. Fixes issue #22742.

2016-10-01 13:53:08 -07:00 · 2016-10-01 13:53:08 -07:00 · 15d83f6ae2
parent 8bdecf8e18
commit 15d83f6ae2
3 changed files with 19 additions and 1 deletions
--- a/changelogs/unreleased/22742-filter-protocol-relative-urls.yml
+++ b/changelogs/unreleased/22742-filter-protocol-relative-urls.yml
@ -0,0 +1,4 @@
+---
+title: 'Filter protocol-relative URLs in ExternalLinkFilter. Fixes issue #22742'
+merge_request: 6635
+author: Makoto Scott-Hinkle
--- a/lib/banzai/filter/external_link_filter.rb
+++ b/lib/banzai/filter/external_link_filter.rb
@ -10,7 +10,7 @@ module Banzai
            node.set_attribute('href', href)
          end

-          if href =~ /\Ahttp(s)?:\/\// && external_url?(href)
+          if href =~ %r{\A(https?:)?//[^/]} && external_url?(href)
            node.set_attribute('rel', 'nofollow noreferrer')
            node.set_attribute('target', '_blank')
          end
--- a/spec/lib/banzai/filter/external_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/external_link_filter_spec.rb
@ -80,4 +80,18 @@ describe Banzai::Filter::ExternalLinkFilter, lib: true do
      expect(filter(act).to_html).to eq(exp)
    end
  end
+
+  context 'for protocol-relative links' do
+    let(:doc) { filter %q(<p><a href="//google.com/">Google</a></p>) }
+
+    it 'adds rel="nofollow" to external links' do
+      expect(doc.at_css('a')).to have_attribute('rel')
+      expect(doc.at_css('a')['rel']).to include 'nofollow'
+    end
+
+    it 'adds rel="noreferrer" to external links' do
+      expect(doc.at_css('a')).to have_attribute('rel')
+      expect(doc.at_css('a')['rel']).to include 'noreferrer'
+    end
+  end
 end