
Fixed #2437 - square brackets are deleted in links

Billy Zhou 6 years ago
parent
commit
7df5c18182
3 changed files with 9 additions and 3 deletions
  1. 0 1
      lib/html_sanitizer.rb
  2. 7 0
      spec/lib/html_sanitizer_spec.rb
  3. 2 2
      test/unit/html_sanitizer_test.rb

+ 0 - 1
lib/html_sanitizer.rb

@@ -401,7 +401,6 @@ cleanup html string:
                                    .delete("\t\n\r\u0000")
                                    .gsub(%r{/\*.*?\*/}, '')
                                    .gsub(/<!--.*?-->/, '')
-                                   .gsub(/\[.+?\]/, '')
 
     sanitize_attachment_disposition(cleaned_string)
   end
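Review bot: Dropping the `\[.+?\]` strip means every later check in this sanitizer now sees bracket-obfuscated input verbatim; the updated unit test shows `[a]java[b]script[c]:alert(1)` is no longer collapsed to `javascript:` and rejected, but kept as an href whose brackets are percent-encoded, so the protection now rests entirely on the URL encoder turning `[`/`]` into `%5B`/`%5D` so the text can never parse as a `javascript` scheme. That looks sound as far as the visible tests go, but it is an implicit dependency worth stating where the strip used to be: `# Do not strip [..] here: brackets are legal in URLs (#2437); scheme checks must tolerate them themselves`. The enclosing cleanup method begins before this hunk, so I cannot see whether `cleaned_string` has any other consumer that relied on brackets being gone.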

+ 7 - 0
spec/lib/html_sanitizer_spec.rb

@@ -194,6 +194,13 @@ RSpec.describe HtmlSanitizer do
           .to match(HtmlSanitizer::UNPROCESSABLE_HTML_MSG)
       end
     end
+
+    context 'with href links that contain square brackets' do
+      it 'correctly URL encodes them' do
+        expect(HtmlSanitizer.strict(+'<a href="https://example.com/?foo=bar&baz[x]=y">example</a>', true))
+          .to eq('<a href="https://example.com/?foo=bar&amp;baz%5Bx%5D=y" rel="nofollow noreferrer noopener" target="_blank" title="https://example.com/?foo=bar&amp;baz[x]=y">example</a>')
+      end
+    end
   end
 
   describe '.cleanup' do
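Review bot: The example name "correctly URL encodes them" overstates what the assertion pins: the `href` gets `%5Bx%5D` but the generated `title` keeps the raw `baz[x]=y`, and only the external (`true`) path is exercised. Either rename it to say the href is encoded while the title is left readable, or add a second example for the non-external call so the #2437 regression is covered on both paths, e.g. `expect(HtmlSanitizer.strict(+'<a href="https://example.com/?baz[x]=y">x</a>')).to include('href="https://example.com/?baz%5Bx%5D=y"')`. The outer `describe` block continues outside the hunk.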

+ 2 - 2
test/unit/html_sanitizer_test.rb

@@ -69,8 +69,8 @@ tt  p://6 6.000146.0x7.147/">XSS</A>', true), '<a href="htt%20%20p://6%206.00014
     assert_equal(HtmlSanitizer.strict('<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>'), '')
     assert_equal(HtmlSanitizer.strict('<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></embed>'), '')
     assert_equal(HtmlSanitizer.strict('<img[a][b]src=x[d]onerror[c]=[e]"alert(1)">'), '<img>')
-    assert_equal(HtmlSanitizer.strict('<a href="[a]java[b]script[c]:alert(1)">XXX</a>'), 'XXX')
-    assert_equal(HtmlSanitizer.strict('<a href="[a]java[b]script[c]:alert(1)">XXX</a>', true), 'XXX')
+    assert_equal(HtmlSanitizer.strict('<a href="[a]java[b]script[c]:alert(1)">XXX</a>'), '<a href="%5Ba%5Djava%5Bb%5Dscript%5Bc%5D:alert(1)">XXX</a>')
+    assert_equal(HtmlSanitizer.strict('<a href="[a]java[b]script[c]:alert(1)">XXX</a>', true), '<a href="http://%5Ba%5Djava%5Bb%5Dscript%5Bc%5D:alert(1)" rel="nofollow noreferrer noopener" target="_blank" title="http://%5Ba%5Djava%5Bb%5Dscript%5Bc%5D:alert(1)">XXX</a>')
     assert_equal(HtmlSanitizer.strict('<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'), 'alert(1)')
     assert_equal(HtmlSanitizer.strict('<a style="position:fixed;top:0;left:0;width: 260px;height:100vh;background-color:red;display: block;" href="http://example.com"></a>'), '<a href="http://example.com" rel="nofollow noreferrer noopener" target="_blank" title="http://example.com"></a>')
     assert_equal(HtmlSanitizer.strict('<a style="position:fixed;top:0;left:0;width: 260px;height:100vh;background-color:red;display: block;" href="http://example.com"></a>', true), '<a href="http://example.com" rel="nofollow noreferrer noopener" target="_blank" title="http://example.com"></a>')
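Review bot: The two rewritten assertions now pin that a bracket-obfuscated `javascript:` href is kept rather than dropped, which is only acceptable because `%5Ba%5Djava%5Bb%5Dscript%5Bc%5D` cannot be parsed as a URL scheme; that reasoning is not recorded anywhere and a future reader may read the expected value as a regression. A short comment above them would help: `# brackets are no longer stripped (#2437); the percent-encoded pseudo-scheme can never become javascript:`. It would also be worth confirming that an unobfuscated `javascript:alert(1)` case still asserts `'XXX'` nearby, since the context lines of this hunk do not show one.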