From e4e37257cc5d5eefe9be47303411fa036d36f850 Mon Sep 17 00:00:00 2001 From: Alan Guo Xiang Tan Date: Fri, 21 Jan 2022 10:03:49 +0800 Subject: [PATCH] FIX: Handle malformed URLs in `TopicEmbed.absolutize_urls`. --- app/models/topic_embed.rb | 14 ++++++++++++-- spec/models/topic_embed_spec.rb | 18 +++++++++++++++--- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/app/models/topic_embed.rb b/app/models/topic_embed.rb index 010676cb162..d3d1572c5d2 100644 --- a/app/models/topic_embed.rb +++ b/app/models/topic_embed.rb @@ -208,14 +208,24 @@ class TopicEmbed < ActiveRecord::Base fragment = Nokogiri::HTML5.fragment("
#{contents}
") fragment.css('a').each do |a| if a['href'].present? - a['href'] = URI.join(prefix, a['href']).to_s + begin + a['href'] = URI.join(prefix, a['href']).to_s + rescue URI::InvalidURIError + # NOOP, URL is malformed + end end end + fragment.css('img').each do |a| if a['src'].present? - a['src'] = URI.join(prefix, a['src']).to_s + begin + a['src'] = URI.join(prefix, a['src']).to_s + rescue URI::InvalidURIError + # NOOP, URL is malformed + end end end + fragment.at('div').inner_html end diff --git a/spec/models/topic_embed_spec.rb b/spec/models/topic_embed_spec.rb index 8913e9b3d8e..abd7cd57f66 100644 --- a/spec/models/topic_embed_spec.rb +++ b/spec/models/topic_embed_spec.rb @@ -379,13 +379,25 @@ describe TopicEmbed do end describe '.absolutize_urls' do - let(:invalid_url) { 'http://source.com/#double#anchor' } - let(:contents) { "hello world new post hello" } - it "handles badly formed URIs" do + invalid_url = 'http://source.com/#double#anchor' + contents = "hello world new post hello" + raw = TopicEmbed.absolutize_urls(invalid_url, contents) expect(raw).to eq("hello world new post hello") end + + it "handles malformed links" do + url = "https://somesource.com" + + contents = <<~CONTENT + hello world new post hello + some image + CONTENT + + raw = TopicEmbed.absolutize_urls(url, contents) + expect(raw).to eq(contents) + end end end