about summary refs log tree commit diff
diff options
context:
space:
mode:
authorClaire <claire.github-309c@sitedethib.com>2022-04-11 08:40:18 +0200
committerClaire <claire.github-309c@sitedethib.com>2022-04-11 09:06:25 +0200
commitf2b2614d0a3852259f21f7969a946fb3d8b7e96d (patch)
tree3d77fc18ddd8c25e929dfd4258dcfb8bae26b4be
parent9309c53d21df806d57dd59dbc59a807d2f8b8b11 (diff)
Fix link sanitization for outgoing text/html and text/markdown toots
Fixes #1739
Diffstat
-rw-r--r--lib/sanitize_ext/sanitize_config.rb4
-rw-r--r--spec/lib/advanced_text_formatter_spec.rb8
2 files changed, 10 insertions, 2 deletions
diff --git a/lib/sanitize_ext/sanitize_config.rb b/lib/sanitize_ext/sanitize_config.rb
index 935e1f4f6..946543868 100644
--- a/lib/sanitize_ext/sanitize_config.rb
+++ b/lib/sanitize_ext/sanitize_config.rb
@@ -133,7 +133,7 @@ class Sanitize
       rel += ['nofollow', 'noopener', 'noreferrer'] unless TagManager.instance.local_url?(node['href'])
 
       if rel.empty?
-        node['rel']&.delete
+        node.remove_attribute('rel')
       else
         node['rel'] = rel.join(' ')
       end
@@ -144,7 +144,7 @@ class Sanitize
 
       node = env[:node]
       if node['target'] != '_blank' && TagManager.instance.local_url?(node['href'])
-        node['target']&.delete
+        node.remove_attribute('target')
       else
         node['target'] = '_blank'
       end
diff --git a/spec/lib/advanced_text_formatter_spec.rb b/spec/lib/advanced_text_formatter_spec.rb
index 4e859c93c..ea1a9570d 100644
--- a/spec/lib/advanced_text_formatter_spec.rb
+++ b/spec/lib/advanced_text_formatter_spec.rb
@@ -50,6 +50,14 @@ RSpec.describe AdvancedTextFormatter do
         end
       end
 
+      context 'given text with a local-domain mention' do
+        let(:text) { 'foo https://cb6e6126.ngrok.io/about/more' }
+
+        it 'creates a link' do
+          is_expected.to include '<a href="https://cb6e6126.ngrok.io/about/more"'
+        end
+      end
+
       context 'given text containing linkable mentions' do
         let(:preloaded_accounts) { [Fabricate(:account, username: 'alice')] }
         let(:text) { '@alice' }
generated by cgit-pink (git 2.37.1) at 2024-06-02 04:59:22 +0000