Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-06 09:10:25 +08:00
Code Packages Activity Actions 11

FIX: do not escape already escaped chars in URL

Browse source
This commit is contained in:
Gerhard Schlager 2017-09-22 17:36:44 +02:00
parent 1a435414d5
commit 6f6b47f096
2 changed files with 56 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

42
spec/models/topic_embed_spec.rb
View file

@ -186,7 +186,8 @@ describe TopicEmbed do
before do
file.stubs(:read).returns contents
TopicEmbed.stubs(:open).returns file
TopicEmbed.stubs(:open)
.with('http://eviltrout.com/test/%D9%85%D8%A7%D9%87%DB%8C', allow_redirections: :safe).returns file
end
it "doesn't throw an error" do
@ -195,6 +196,24 @@ describe TopicEmbed do
end
end
context "encoded URL" do
let(:url) { 'http://example.com/hello%20world' }
let(:contents) { "<title>Hello World!</title><body></body>" }
let!(:embeddable_host) { Fabricate(:embeddable_host) }
let!(:file) { StringIO.new }
before do
file.stubs(:read).returns contents
TopicEmbed.stubs(:open)
.with('http://example.com/hello%20world', allow_redirections: :safe).returns file
end
it "doesn't throw an error" do
response = TopicEmbed.find_remote(url)
expect(response.title).to eq("Hello World!")
end
end
context "emails" do
let(:url) { 'http://example.com/foo' }
let(:contents) { '<p><a href="mailto:foo%40example.com">URL encoded @ symbol</a></p><p><a href="mailto:bar@example.com">normal mailto link</a></p>' }
@ -214,4 +233,25 @@ describe TopicEmbed do
end
end
context ".escape_uri" do
it "doesn't escape simple URL" do
url = TopicEmbed.escape_uri('http://example.com/foo/bar')
expect(url).to eq('http://example.com/foo/bar')
end
it "escapes unsafe chars" do
url = TopicEmbed.escape_uri("http://example.com/?a=\11\15")
expect(url).to eq('http://example.com/?a=%09%0D')
end
it "escapes non-ascii chars" do
url = TopicEmbed.escape_uri('http://example.com/ماهی')
expect(url).to eq('http://example.com/%D9%85%D8%A7%D9%87%DB%8C')
end
it "doesn't escape already escaped chars" do
url = TopicEmbed.escape_uri('http://example.com/foo%20bar/foo bar/')
expect(url).to eq('http://example.com/foo%20bar/foo%20bar/')
end
end
end