
Fix double encoding (#4079)

* decode/encode urls in markdown to prevent double encoding

* revert manifest change

* update title to htmlEncode, added tests

* remove encoding title

* Update webapp/src/utils.test.ts

Co-authored-by: Paul Esch-Laurent <herppfel@gmail.com>

Co-authored-by: Paul Esch-Laurent <herppfel@gmail.com>
Scott Bishel 2022-10-27 14:04:09 -06:00 committed by GitHub
parent e086941fe9
commit 3df9b42941
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 2 deletions


@ -58,6 +58,16 @@ describe('utils', () => {
expect(Utils.htmlFromMarkdown('[]("xss-attack="true"other="whatever)')).toBe(expectedHtml) expect(Utils.htmlFromMarkdown('[]("xss-attack="true"other="whatever)')).toBe(expectedHtml)
window.openInNewBrowser = null window.openInNewBrowser = null
}) })
test('should encode links', () => {
expect(Utils.htmlFromMarkdown('https://example.com?title=August<1>2022')).toBe('<p><a target="_blank" rel="noreferrer" href="https://example.com?title=August&lt;1&gt;2022" title="" onclick="">https://example.com?title=August&lt;1&gt;2022</a></p>')
expect(Utils.htmlFromMarkdown('[Duck Duck Go](https://duckduckgo.com "The best search engine\'s for <privacy>")')).toBe('<p><a target="_blank" rel="noreferrer" href="https://duckduckgo.com" title="The best search engine&#39;s for &lt;privacy&gt;" onclick="">Duck Duck Go</a></p>')
})
test('should not double encode title and href', () => {
expect(Utils.htmlFromMarkdown('https://example.com?title=August%201%20-%202022')).toBe('<p><a target="_blank" rel="noreferrer" href="https://example.com?title=August%201%20-%202022" title="" onclick="">https://example.com?title=August%201%20-%202022</a></p>')
expect(Utils.htmlFromMarkdown('[Duck Duck Go](https://duckduckgo.com "The best search engine#39;s for &lt;privacy&gt;")')).toBe('<p><a target="_blank" rel="noreferrer" href="https://duckduckgo.com" title="The best search engine#39;s for &lt;privacy&gt;" onclick="">Duck Duck Go</a></p>')
})
}) })
describe('countCheckboxesInMarkdown', () => { describe('countCheckboxesInMarkdown', () => {
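Review bot: The title fixture in 'should not double encode title and href' reads `engine#39;s`, which appears to be missing the `&` of `&#39;`, so an already-encoded apostrophe in a title is never exercised; using `engine&#39;s` in both the input and the expected string would cover it. Because the renderer no longer encodes the title itself, a case whose title contains a double quote, asserting that the quote comes out as an entity rather than ending the `title` attribute, would pin the behaviour the change now relies on. A further case with a malformed percent escape in the link (a bare `%`) would show how `htmlFromMarkdown` behaves when `decodeURI` rejects the href.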


@ -294,8 +294,8 @@ class Utils {
return '<a ' + return '<a ' +
'target="_blank" ' + 'target="_blank" ' +
'rel="noreferrer" ' + 'rel="noreferrer" ' +
`href="${encodeURI(href || '')}" ` + `href="${encodeURI(decodeURI(href || ''))}" ` +
`title="${title ? encodeURI(title) : ''}" ` + `title="${title || ''}" ` +
`onclick="${(window.openInNewBrowser ? ' openInNewBrowser && openInNewBrowser(event.target.href);' : '')}"` + `onclick="${(window.openInNewBrowser ? ' openInNewBrowser && openInNewBrowser(event.target.href);' : '')}"` +
'>' + contents + '</a>' '>' + contents + '</a>'
} }
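Review bot: `decodeURI` throws a `URIError` on a malformed percent escape, so on the new `href` line a link whose URL contains a bare `%` would make the renderer throw instead of producing an anchor, unless a caller outside this hunk catches it. Guarding the round trip and falling back to encoding the raw value keeps rendering working for arbitrary user-authored text. On the `title` line the value is now interpolated into a double-quoted attribute with no encoding in this function; the new tests suggest the markdown parser has already HTML-escaped it, and a comment such as `// title arrives HTML-escaped from the markdown parser; never pass raw input here` would record that dependency. The enclosing function starts above the hunk.

```typescript
// … unchanged: start of the link renderer, outside the hunk …
let safeHref: string
try {
    safeHref = encodeURI(decodeURI(href || ''))
} catch {
    // Malformed percent escape (e.g. a bare '%'): encode the raw value instead of throwing.
    safeHref = encodeURI(href || '')
}
return '<a ' +
    // … unchanged: target and rel attributes …
    `href="${safeHref}" ` +
    // … unchanged: title, onclick and contents …
```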