Fix link sanitization for outgoing text/html and text/markdown toots

Fixes #1739
2022-04-11 08:40:18 +02:00 · 2022-04-11 08:40:18 +02:00 · f2b2614d0a
commit f2b2614d0a
parent 9309c53d21
2 changed files with 10 additions and 2 deletions
--- a/lib/sanitize_ext/sanitize_config.rb
+++ b/lib/sanitize_ext/sanitize_config.rb
@ -133,7 +133,7 @@ class Sanitize
      rel += ['nofollow', 'noopener', 'noreferrer'] unless TagManager.instance.local_url?(node['href'])

      if rel.empty?
-        node['rel']&.delete
+        node.remove_attribute('rel')
      else
        node['rel'] = rel.join(' ')
      end
@ -144,7 +144,7 @@ class Sanitize

      node = env[:node]
      if node['target'] != '_blank' && TagManager.instance.local_url?(node['href'])
-        node['target']&.delete
+        node.remove_attribute('target')
      else
        node['target'] = '_blank'
      end
--- a/spec/lib/advanced_text_formatter_spec.rb
+++ b/spec/lib/advanced_text_formatter_spec.rb
@ -50,6 +50,14 @@ RSpec.describe AdvancedTextFormatter do
        end
      end

+      context 'given text with a local-domain mention' do
+        let(:text) { 'foo https://cb6e6126.ngrok.io/about/more' }
+
+        it 'creates a link' do
+          is_expected.to include '<a href="https://cb6e6126.ngrok.io/about/more"'
+        end
+      end
+
      context 'given text containing linkable mentions' do
        let(:preloaded_accounts) { [Fabricate(:account, username: 'alice')] }
        let(:text) { '@alice' }