Commit 15d83f6a authored by Makoto Scott-Hinkle's avatar Makoto Scott-Hinkle

Filter protocol-relative URLs in ExternalLinkFilter. Fixes issue #22742.

parent 8bdecf8e
---
title: 'Filter protocol-relative URLs in ExternalLinkFilter. Fixes issue #22742'
merge_request: 6635
author: Makoto Scott-Hinkle
...@@ -10,7 +10,7 @@ module Banzai ...@@ -10,7 +10,7 @@ module Banzai
node.set_attribute('href', href) node.set_attribute('href', href)
end end
if href =~ /\Ahttp(s)?:\/\// && external_url?(href) if href =~ %r{\A(https?:)?//[^/]} && external_url?(href)
node.set_attribute('rel', 'nofollow noreferrer') node.set_attribute('rel', 'nofollow noreferrer')
node.set_attribute('target', '_blank') node.set_attribute('target', '_blank')
end end
......
...@@ -80,4 +80,18 @@ describe Banzai::Filter::ExternalLinkFilter, lib: true do ...@@ -80,4 +80,18 @@ describe Banzai::Filter::ExternalLinkFilter, lib: true do
expect(filter(act).to_html).to eq(exp) expect(filter(act).to_html).to eq(exp)
end end
end end
context 'for protocol-relative links' do
let(:doc) { filter %q(<p><a href="//google.com/">Google</a></p>) }
it 'adds rel="nofollow" to external links' do
expect(doc.at_css('a')).to have_attribute('rel')
expect(doc.at_css('a')['rel']).to include 'nofollow'
end
it 'adds rel="noreferrer" to external links' do
expect(doc.at_css('a')).to have_attribute('rel')
expect(doc.at_css('a')['rel']).to include 'noreferrer'
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment