diff options
author | Pierre Rudloff <contact@rudloff.pro> | 2016-10-26 18:36:16 +0200 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2016-10-26 12:36:16 -0400 |
commit | 7e67eabca91d9c52b741d0808ffb6f556d8ffb13 (patch) | |
tree | 0360c66718b63b088e04704eb62a896fc41bad0a | |
parent | c07cdd666a05dc7394f8a2f7799c2fbdbca2c9ca (diff) | |
download | chat-7e67eabca91d9c52b741d0808ffb6f556d8ffb13.tar.gz chat-7e67eabca91d9c52b741d0808ffb6f556d8ffb13.tar.bz2 chat-7e67eabca91d9c52b741d0808ffb6f556d8ffb13.zip |
Fix URL parsing when URL has been encoded with escape() (fixes #4322) (#4338)
-rw-r--r-- | webapp/tests/formatting_links.test.jsx | 14 | ||||
-rw-r--r-- | webapp/utils/markdown.jsx | 8 |
2 files changed, 21 insertions, 1 deletions
diff --git a/webapp/tests/formatting_links.test.jsx b/webapp/tests/formatting_links.test.jsx index 237ef6121..30461e6be 100644 --- a/webapp/tests/formatting_links.test.jsx +++ b/webapp/tests/formatting_links.test.jsx @@ -501,4 +501,18 @@ describe('Markdown.Links', function() { done(); }); + + it('Links containing %', function(done) { + assert.equal( + Markdown.format('https://en.wikipedia.org/wiki/%C3%89').trim(), + '<p><a class="theme markdown__link" href="https://en.wikipedia.org/wiki/%C3%89" rel="noreferrer" target="_blank">https://en.wikipedia.org/wiki/%C3%89</a></p>' + ); + + assert.equal( + Markdown.format('https://en.wikipedia.org/wiki/%E9').trim(), + '<p><a class="theme markdown__link" href="https://en.wikipedia.org/wiki/%E9" rel="noreferrer" target="_blank">https://en.wikipedia.org/wiki/%E9</a></p>' + ); + + done(); + }); }); diff --git a/webapp/utils/markdown.jsx b/webapp/utils/markdown.jsx index 7f597eb3d..0b279ca6d 100644 --- a/webapp/utils/markdown.jsx +++ b/webapp/utils/markdown.jsx @@ -135,7 +135,13 @@ class MattermostMarkdownRenderer extends marked.Renderer { let outHref = href; try { - const unescaped = decodeURIComponent(unescape(href)).replace(/[^\w:]/g, '').toLowerCase(); + let unescaped = unescape(href); + try { + unescaped = decodeURIComponent(unescaped); + } catch (e) { + unescaped = global.unescape(unescaped); + } + unescaped = unescaped.replace(/[^\w:]/g, '').toLowerCase(); if (unescaped.indexOf('javascript:') === 0 || unescaped.indexOf('vbscript:') === 0 || unescaped.indexOf('data:') === 0) { // eslint-disable-line no-script-url return text; |