github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 21:21:19 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: no-follow not handled correctly for sub domains

Browse Source 
if a.com was whitelisted aa.com would pass through
This commit is contained in:
Sam
2015-05-27 14:31:01 +10:00
parent 693b5234da
commit 93ab03966e
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/pretty_text.rb
View File

@ -242,8 +242,9 @@ module PrettyText
site_uri ||= URI(Discourse.base_url) site_uri ||= URI(Discourse.base_url)
if !uri.host.present? || if !uri.host.present? ||
uri.host.ends_with?(site_uri.host) || uri.host == site_uri.host ||
whitelist.any?{|u| uri.host.ends_with?(u)} uri.host.ends_with?("." << site_uri.host) ||
whitelist.any?{|u| uri.host == u || uri.host.ends_with?("." << u)}
# we are good no need for nofollow # we are good no need for nofollow
else else
l["rel"] = "nofollow" l["rel"] = "nofollow"

8
spec/components/pretty_text_spec.rb
View File

@ -69,10 +69,18 @@ describe PrettyText do
expect(PrettyText.cook("<a href='#{Discourse.base_url.sub('http://', 'http://bla.')}/test.html'>cnn</a>") !~ /nofollow/).to eq(true) expect(PrettyText.cook("<a href='#{Discourse.base_url.sub('http://', 'http://bla.')}/test.html'>cnn</a>") !~ /nofollow/).to eq(true)
end end
it "should inject nofollow in all non subdomain links" do
expect(PrettyText.cook("<a href='#{Discourse.base_url.sub('http://', 'http://bla')}/test.html'>cnn</a>")).to match(/nofollow/)
end
it "should not inject nofollow for foo.com" do it "should not inject nofollow for foo.com" do
expect(PrettyText.cook("<a href='http://foo.com/test.html'>cnn</a>") !~ /nofollow/).to eq(true) expect(PrettyText.cook("<a href='http://foo.com/test.html'>cnn</a>") !~ /nofollow/).to eq(true)
end end
it "should inject nofollow for afoo.com" do
expect(PrettyText.cook("<a href='http://afoo.com/test.html'>cnn</a>")).to match(/nofollow/)
end
it "should not inject nofollow for bar.foo.com" do it "should not inject nofollow for bar.foo.com" do
expect(PrettyText.cook("<a href='http://bar.foo.com/test.html'>cnn</a>") !~ /nofollow/).to eq(true) expect(PrettyText.cook("<a href='http://bar.foo.com/test.html'>cnn</a>") !~ /nofollow/).to eq(true)
end end