Fix URL parsing when URL has been encoded with escape() (fixes #4322) (#4338)

2 files changed, 21 insertions, 1 deletions

diff --git a/webapp/tests/formatting_links.test.jsx b/webapp/tests/formatting_links.test.jsx
index 237ef6121..30461e6be 100644
--- a/webapp/tests/formatting_links.test.jsx
+++ b/webapp/tests/formatting_links.test.jsx
@@ -501,4 +501,18 @@ describe('Markdown.Links', function() {
 
         done();
     });
+
+    it('Links containing %', function(done) {
+        assert.equal(
+            Markdown.format('https://en.wikipedia.org/wiki/%C3%89').trim(),
+            '<p><a class="theme markdown__link" href="https://en.wikipedia.org/wiki/%C3%89" rel="noreferrer" target="_blank">https://en.wikipedia.org/wiki/%C3%89</a></p>'
+        );
+
+        assert.equal(
+            Markdown.format('https://en.wikipedia.org/wiki/%E9').trim(),
+            '<p><a class="theme markdown__link" href="https://en.wikipedia.org/wiki/%E9" rel="noreferrer" target="_blank">https://en.wikipedia.org/wiki/%E9</a></p>'
+        );
+
+        done();
+    });
 });
diff --git a/webapp/utils/markdown.jsx b/webapp/utils/markdown.jsx
index 7f597eb3d..0b279ca6d 100644
--- a/webapp/utils/markdown.jsx
+++ b/webapp/utils/markdown.jsx
@@ -135,7 +135,13 @@ class MattermostMarkdownRenderer extends marked.Renderer {
         let outHref = href;
 
         try {
-            const unescaped = decodeURIComponent(unescape(href)).replace(/[^\w:]/g, '').toLowerCase();
+            let unescaped = unescape(href);
+            try {
+                unescaped = decodeURIComponent(unescaped);
+            } catch (e) {
+                unescaped = global.unescape(unescaped);
+            }
+            unescaped = unescaped.replace(/[^\w:]/g, '').toLowerCase();
 
             if (unescaped.indexOf('javascript:') === 0 || unescaped.indexOf('vbscript:') === 0 || unescaped.indexOf('data:') === 0) { // eslint-disable-line no-script-url
                 return text;