Fix link sanitization for outgoing text/html and text/markdown toots

author Claire <claire.github-309c@sitedethib.com>

Mon, 11 Apr 2022 06:40:18 +0000 (08:40 +0200)

committer kibigo! <1960844-kibigo@users.noreply.gitlab.com>

Tue, 12 Apr 2022 01:41:21 +0000 (01:41 +0000)
author Claire <claire.github-309c@sitedethib.com>
Mon, 11 Apr 2022 06:40:18 +0000 (08:40 +0200)
committer kibigo! <1960844-kibigo@users.noreply.gitlab.com>
Tue, 12 Apr 2022 01:41:21 +0000 (01:41 +0000)
diff --git a/lib/sanitize_ext/sanitize_config.rb b/lib/sanitize_ext/sanitize_config.rb

index 935e1f4f612335dd70be33fab0a7954f3c8c7458..946543868a516ef572324179d1f394990fcc2b41 100644 (file)
--- a/lib/sanitize_ext/sanitize_config.rb
+++ b/lib/sanitize_ext/sanitize_config.rb
@@ -133,7 +133,7 @@ class Sanitize
        rel += ['nofollow', 'noopener', 'noreferrer'] unless TagManager.instance.local_url?(node['href'])
  
        if rel.empty?
-        node['rel']&.delete
+        node.remove_attribute('rel')
        else
          node['rel'] = rel.join(' ')
        end
@@ -144,7 +144,7 @@ class Sanitize
  
        node = env[:node]
        if node['target'] != '_blank' && TagManager.instance.local_url?(node['href'])
-        node['target']&.delete
+        node.remove_attribute('target')
        else
          node['target'] = '_blank'
        end
diff --git a/spec/lib/advanced_text_formatter_spec.rb b/spec/lib/advanced_text_formatter_spec.rb

index 4e859c93c3aafd5f4181498e050a417a60c0b88f..ea1a9570d0ce0e6dce1e3b69761870efff7448cd 100644 (file)
--- a/spec/lib/advanced_text_formatter_spec.rb
+++ b/spec/lib/advanced_text_formatter_spec.rb
@@ -50,6 +50,14 @@ RSpec.describe AdvancedTextFormatter do
          end
        end
  
+      context 'given text with a local-domain mention' do
+        let(:text) { 'foo https://cb6e6126.ngrok.io/about/more' }
+
+        it 'creates a link' do
+          is_expected.to include '<a href="https://cb6e6126.ngrok.io/about/more"'
+        end
+      end
+
        context 'given text containing linkable mentions' do
          let(:preloaded_accounts) { [Fabricate(:account, username: 'alice')] }
          let(:text) { '@alice' }
author	Claire <claire.github-309c@sitedethib.com>
	Mon, 11 Apr 2022 06:40:18 +0000 (08:40 +0200)
committer	kibigo! <1960844-kibigo@users.noreply.gitlab.com>
	Tue, 12 Apr 2022 01:41:21 +0000 (01:41 +0000)
lib/sanitize_ext/sanitize_config.rb		patch \| blob \| history
spec/lib/advanced_text_formatter_spec.rb		patch \| blob \| history