FIX: Replace protocol relative URLs in emails

2025-02-25 18:55:32 -06:00 · 2014-06-13 17:11:04 -04:00 · 2014-06-13 17:11:04 -04:00 · c690fa0d19
commit c690fa0d19
parent fb639bc5f9
2 changed files with 56 additions and 6 deletions
--- a/lib/email/styles.rb
+++ b/lib/email/styles.rb
@ -20,6 +20,8 @@ module Email
    end

    def format_basic
+      uri = URI(Discourse.base_url)
+
      @fragment.css('img').each do |img|

        next if img['class'] == 'site-logo'
@ -38,7 +40,7 @@ module Email

        # ensure no schemaless urls
        if img['src'] && img['src'].starts_with?("//")
-          img['src'] = "http:" + img['src']
+          img['src'] = "#{uri.scheme}:#{img['src']}"
        end
      end
    end
@ -101,6 +103,7 @@ module Email

    def to_html
      strip_classes_and_ids
+      replace_relative_urls
      @fragment.to_html.tap do |result|
        result.gsub!(/\[email-indent\]/, "<div style='margin-left: 15px'>")
        result.gsub!(/\[\/email-indent\]/, "</div>")
@ -109,6 +112,19 @@ module Email

    private

+    def replace_relative_urls
+      forum_uri = URI(Discourse.base_url)
+      host = forum_uri.host
+      scheme = forum_uri.scheme
+
+      @fragment.css('[href]').each do |element|
+        href = element['href']
+        if href =~ /^\/\/#{host}/
+          element['href'] = "#{scheme}:#{href}"
+        end
+      end
+    end
+
    def correct_first_body_margin
      @fragment.css('.body p').each do |element|
        element['style'] = "margin-top:0; border: 0;"
--- a/spec/components/email/styles_spec.rb
+++ b/spec/components/email/styles_spec.rb
@ -40,11 +40,6 @@ describe Email::Styles do
      expect(frag.at("img")["src"]).to eq("#{Discourse.base_url}/some-image.png")
    end

-    it "prefixes schemaless image urls with http:" do
-      frag = basic_fragment("<img src='//www.discourse.com/some-image.gif'>")
-      expect(frag.at("img")["src"]).to eq("http://www.discourse.com/some-image.gif")
-    end
-
    it "strips classes and ids" do
      frag = basic_fragment("<div class='foo' id='bar'><div class='foo' id='bar'></div></div>")
      expect(frag.to_html).to eq("<div><div></div></div>")
@ -84,6 +79,45 @@ describe Email::Styles do
      expect(frag.at('ul')['style']).to be_present
      expect(frag.at('li')['style']).to be_present
    end
+  end
+
+  context "rewriting protocol relative URLs to the forum" do
+    it "doesn't rewrite a url to another site" do
+      frag = html_fragment('<a href="//youtube.com/discourse">hello</a>')
+      frag.at('a')['href'].should == "//youtube.com/discourse"
+    end
+
+    context "without https" do
+      before do
+        SiteSetting.stubs(:use_https).returns(false)
+      end
+
+      it "rewrites the href to have http" do
+        frag = html_fragment('<a href="//test.localhost/discourse">hello</a>')
+        frag.at('a')['href'].should == "http://test.localhost/discourse"
+      end
+
+      it "rewrites the src to have http" do
+        frag = html_fragment('<img src="//test.localhost/blah.jpg">')
+        frag.at('img')['src'].should == "http://test.localhost/blah.jpg"
+      end
+    end
+
+    context "with https" do
+      before do
+        SiteSetting.stubs(:use_https).returns(true)
+      end
+
+      it "rewrites the forum URL to have http" do
+        frag = html_fragment('<a href="//test.localhost/discourse">hello</a>')
+        frag.at('a')['href'].should == "https://test.localhost/discourse"
+      end
+
+      it "rewrites the src to have https" do
+        frag = html_fragment('<img src="//test.localhost/blah.jpg">')
+        frag.at('img')['src'].should == "https://test.localhost/blah.jpg"
+      end
+    end

  end