Fix sanitizer parsing link text as HTML when stripping unsupported links (#22558)
parent
0c689b9d01
commit
15b88a83ab
|
@ -49,7 +49,7 @@ class Sanitize
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
current_node.replace(current_node.text) unless LINK_PROTOCOLS.include?(scheme)
|
current_node.replace(Nokogiri::XML::Text.new(current_node.text, current_node.document)) unless LINK_PROTOCOLS.include?(scheme)
|
||||||
end
|
end
|
||||||
|
|
||||||
UNSUPPORTED_ELEMENTS_TRANSFORMER = lambda do |env|
|
UNSUPPORTED_ELEMENTS_TRANSFORMER = lambda do |env|
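Review bot: The replacement line has no comment saying why the text is wrapped in `Nokogiri::XML::Text`, so a later cleanup could shorten it back to `replace(current_node.text)` and reintroduce the re-parse. Nokogiri's `replace` treats a String argument as markup, and `text` returns entity-decoded content, so escaped markup inside an unsupported link would come back as elements rather than text. I would add above the line `# Replace with a Text node: passing a String to #replace would parse the link text as HTML`. The enclosing transformer lambda starts outside the hunk, so any other string-taking `replace` calls in this file cannot be checked from here and are worth a look.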
|
||||||
|
|
|
@ -38,6 +38,10 @@ describe Sanitize::Config do
|
||||||
expect(Sanitize.fragment('<a href="foo://bar">Test</a>', subject)).to eq 'Test'
|
expect(Sanitize.fragment('<a href="foo://bar">Test</a>', subject)).to eq 'Test'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'does not re-interpret HTML when removing unsupported links' do
|
||||||
|
expect(Sanitize.fragment('<a href="foo://bar">Test<a href="https://example.com">test</a></a>', subject)).to eq 'Test<a href="https://example.com">test</a>'
|
||||||
|
end
|
||||||
|
|
||||||
it 'keeps a with href' do
|
it 'keeps a with href' do
|
||||||
expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
|
expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
|
||||||
end
|
end
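Review bot: As rendered here, the new example feeds a literal nested `<a href="https://example.com">` and expects it back without the `rel`/`target` attributes that the 'keeps a with href' example shows the config adding to kept links, so the assertion looks inconsistent unless this page has decoded the entities. Presumably the spec in the repository writes the inner markup escaped (`&lt;a href=...&gt;`) and expects the same escaped text back. That should be confirmed, because only the escaped form exercises the re-parse path the fix closes. A second example whose link text holds an escaped element the config does not allow would also pin that the output stays text. The describe block starts and ends outside the hunk.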
|
||||||
|
|