From 7e67eabca91d9c52b741d0808ffb6f556d8ffb13 Mon Sep 17 00:00:00 2001 From: Pierre Rudloff Date: Wed, 26 Oct 2016 18:36:16 +0200 Subject: Fix URL parsing when URL has been encoded with escape() (fixes #4322) (#4338) --- webapp/tests/formatting_links.test.jsx | 14 ++++++++++++++ webapp/utils/markdown.jsx | 8 +++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/webapp/tests/formatting_links.test.jsx b/webapp/tests/formatting_links.test.jsx index 237ef6121..30461e6be 100644 --- a/webapp/tests/formatting_links.test.jsx +++ b/webapp/tests/formatting_links.test.jsx @@ -501,4 +501,18 @@ describe('Markdown.Links', function() { done(); }); + + it('Links containing %', function(done) { + assert.equal( + Markdown.format('https://en.wikipedia.org/wiki/%C3%89').trim(), + '

https://en.wikipedia.org/wiki/%C3%89

' + ); + + assert.equal( + Markdown.format('https://en.wikipedia.org/wiki/%E9').trim(), + '

https://en.wikipedia.org/wiki/%E9

' + ); + + done(); + }); }); diff --git a/webapp/utils/markdown.jsx b/webapp/utils/markdown.jsx index 7f597eb3d..0b279ca6d 100644 --- a/webapp/utils/markdown.jsx +++ b/webapp/utils/markdown.jsx @@ -135,7 +135,13 @@ class MattermostMarkdownRenderer extends marked.Renderer { let outHref = href; try { - const unescaped = decodeURIComponent(unescape(href)).replace(/[^\w:]/g, '').toLowerCase(); + let unescaped = unescape(href); + try { + unescaped = decodeURIComponent(unescaped); + } catch (e) { + unescaped = global.unescape(unescaped); + } + unescaped = unescaped.replace(/[^\w:]/g, '').toLowerCase(); if (unescaped.indexOf('javascript:') === 0 || unescaped.indexOf('vbscript:') === 0 || unescaped.indexOf('data:') === 0) { // eslint-disable-line no-script-url return text; -- cgit v1.2.3-1-g7c22