Fix auto-linking with escaped HTML entities

We displayed the correct text as the link text (without double-encoding), but
didn't do the same for the actual link target, so any link containing an
ampersand would break when auto-linked.
This commit is contained in:
Sean McGivern 2018-03-28 12:56:11 +01:00
parent cb94afc561
commit 3a43cf426a
3 changed files with 20 additions and 2 deletions

View file

@ -0,0 +1,5 @@
---
title: Fix autolinking URLs containing ampersands
merge_request: 18045
author:
type: fixed

View file

@ -105,8 +105,12 @@ module Banzai
end
end
options = link_options.merge(href: match)
content_tag(:a, match.html_safe, options) + dropped
# match has come from node.to_html above, so we know it's encoded
# correctly.
html_safe_match = match.html_safe
options = link_options.merge(href: html_safe_match)
content_tag(:a, html_safe_match, options) + dropped
end
def autolink_filter(text)

View file

@ -167,6 +167,15 @@ describe Banzai::Filter::AutolinkFilter do
expect(actual).to eq(expected_complicated_link)
end
it 'does not double-encode HTML entities' do
encoded_link = "#{link}?foo=bar&baz=quux"
expected_encoded_link = %Q{<a href="#{encoded_link}">#{encoded_link}</a>}
actual = unescape(filter(encoded_link).to_html)
expect(actual).to eq(Rinku.auto_link(encoded_link))
expect(actual).to eq(expected_encoded_link)
end
it 'does not include trailing HTML entities' do
doc = filter("See &lt;&lt;&lt;#{link}&gt;&gt;&gt;")