Encode non-ASCII characters on external links (decidim#11472) (decidi…

…m#11499) * Encode non-ASCII characters on external links * Lint * Apply suggestions
AjuntamentdeBarcelona · Aug 21, 2023 · 60368ee · 60368ee
1 parent 28ae407
commit 60368ee
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/decidim-core/app/controllers/decidim/links_controller.rb b/decidim-core/app/controllers/decidim/links_controller.rb
@@ -35,7 +35,7 @@ def parse_url
     end
 
     def external_url
-      @external_url ||= URI.parse(params[:external_url])
+      @external_url ||= URI.parse(URI::Parser.new.escape(params[:external_url]))
     end
   end
 end
diff --git a/decidim-core/spec/system/external_domain_warning_spec.rb b/decidim-core/spec/system/external_domain_warning_spec.rb
@@ -28,6 +28,17 @@
     expect(page).to have_link("Another link", href: "http://www.example.org")
   end
 
+  context "when url has special characters" do
+    let(:destination) { "https://example.org/test?foo=bàr" }
+    let(:url) { "http://#{organization.host}/link?external_url=#{destination}" }
+
+    it "does not show invalid url alert" do
+      visit url
+      expect(page).not_to have_content("Invalid URL")
+      expect(page).to have_content("b%C3%A0r")
+    end
+  end
+
   context "when url is invalid" do
     let(:invalid_url) { "http://#{organization.host}/link?external_url=foo" }