DEV: More robust processing of URLs (#11361)

* DEV: More robust processing of URLs

The previous `UrlHelper.encode_component(CGI.unescapeHTML(UrlHelper.unencode(uri)))` method would naively process URLs, which could result in a badly formed response.

`Addressable::URI.normalized_encode(uri)` appears to deal with these edge-cases in a more robust way.

* DEV: onebox should use UrlHelper

* DEV: fix spec

* DEV: Escape output when rendering local links
jbrw
2020-12-03 17:16:01 -05:00
committed by GitHub
parent e4d51e5b0a
commit da9b837da0
5 changed files with 12 additions and 9 deletions


@@ -463,7 +463,7 @@ describe FinalDestination do
expect(fd(fragment_url).escape_url.to_s).to eq(fragment_url)
expect(fd("https://eviltrout.com?s=180&d=mm&r=g").escape_url.to_s)
.to eq("https://eviltrout.com?s=180&d=mm&r=g")
.to eq("https://eviltrout.com?s=180&d=mm&%23038;r=g")
expect(fd("http://example.com/?a=\11\15").escape_url.to_s).to eq("http://example.com/?a=%09%0D")
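Review bot: The expectation ending in `&%23038;r=g` pins a percent-encoded `#038;`, which looks like the remains of an HTML-escaped ampersand, so the last query parameter is no longer named `r`. Since the commit message says `CGI.unescapeHTML` is no longer part of the pipeline, add a short comment above this `expect` stating that `escape_url` now leaves HTML entities undecoded and that this result is intentional, so callers know to unescape HTML before passing a URL in. In the expected string only the separator before `r=g` shows the encoded form while the one before `d=mm` does not, so please confirm that this is exactly what `Addressable::URI.normalized_encode` returns for the input on the `fd(...)` line. A companion case for a URL that is already percent-encoded would also help document that the new path does not encode it a second time.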