Skip to content

Commit

Permalink
Fix double encoding specific characters with the external links (deci…
Browse files Browse the repository at this point in the history
  • Loading branch information
ahukkanen authored Oct 11, 2024
1 parent d73f97e commit c9fcce0
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 1 deletion.
2 changes: 1 addition & 1 deletion decidim-core/app/controllers/decidim/links_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ def external_url
end

def escape_url(external_url)
before_fragment, fragment = external_url.split("#", 2)
before_fragment, fragment = URI.decode_www_form_component(external_url).split("#", 2)
escaped_before_fragment = URI::Parser.new.escape(before_fragment)

if fragment
Expand Down
11 changes: 11 additions & 0 deletions decidim-core/spec/system/external_domain_warning_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,17 @@
end
end

context "when the source url has encoded characters" do
let(:destination) { "https://example.org/Me%2Cmyself%2Cand%2CI" }
let(:url) { "http://#{organization.host}/link?external_url=#{destination}" }

it "does not show invalid url alert" do
visit url
expect(page).to have_no_content("Invalid URL")
expect(page).to have_content("Me,myself,and,I")
end
end

context "when url is invalid" do
let(:invalid_url) { "http://#{organization.host}/link?external_url=foo" }

Expand Down

0 comments on commit c9fcce0

Please sign in to comment.