diff options
author | Pierre Rudloff <contact@rudloff.pro> | 2016-10-26 18:36:16 +0200 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2016-10-26 12:36:16 -0400 |
commit | 7e67eabca91d9c52b741d0808ffb6f556d8ffb13 (patch) | |
tree | 0360c66718b63b088e04704eb62a896fc41bad0a /webapp/utils/markdown.jsx | |
parent | c07cdd666a05dc7394f8a2f7799c2fbdbca2c9ca (diff) | |
download | chat-7e67eabca91d9c52b741d0808ffb6f556d8ffb13.tar.gz chat-7e67eabca91d9c52b741d0808ffb6f556d8ffb13.tar.bz2 chat-7e67eabca91d9c52b741d0808ffb6f556d8ffb13.zip |
Fix URL parsing when URL has been encoded with escape() (fixes #4322) (#4338)
Diffstat (limited to 'webapp/utils/markdown.jsx')
-rw-r--r-- | webapp/utils/markdown.jsx | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/webapp/utils/markdown.jsx b/webapp/utils/markdown.jsx index 7f597eb3d..0b279ca6d 100644 --- a/webapp/utils/markdown.jsx +++ b/webapp/utils/markdown.jsx @@ -135,7 +135,13 @@ class MattermostMarkdownRenderer extends marked.Renderer { let outHref = href; try { - const unescaped = decodeURIComponent(unescape(href)).replace(/[^\w:]/g, '').toLowerCase(); + let unescaped = unescape(href); + try { + unescaped = decodeURIComponent(unescaped); + } catch (e) { + unescaped = global.unescape(unescaped); + } + unescaped = unescaped.replace(/[^\w:]/g, '').toLowerCase(); if (unescaped.indexOf('javascript:') === 0 || unescaped.indexOf('vbscript:') === 0 || unescaped.indexOf('data:') === 0) { // eslint-disable-line no-script-url return text; |