Merge pull request #14 from DmitryBochkarev/SERVICES-906

fix(sanitizers): подменять невалидные ссылки своим содержимым
abak-press · Mar 10, 2016 · 5c79160 · 5c79160
2 parents 184963b + c23456a
commit 5c79160
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -17,3 +17,7 @@ bundler/install:
 
 appraisal/install:
 	${BUNDLE} exec ${APPRAISAL} install
+
+clear:
+	rm -rf gemfiles
+	rm -f Gemfile.lock
diff --git a/lib/string_tools.rb b/lib/string_tools.rb
@@ -200,6 +200,8 @@ def call(env)
       def normalize_link(node, attr_name)
         return unless node[attr_name]
         node[attr_name] = Addressable::URI.parse(node[attr_name]).normalize.to_s
+      rescue Addressable::URI::InvalidURIError
+        node.swap node.children
       end
     end
 

diff --git a/lib/string_tools/html.rb b/lib/string_tools/html.rb
@@ -73,6 +73,8 @@ def call(node)
         elsif !whitelisted?(SimpleIDN.to_unicode(uri.host))
           replace_with_content node
         end
+      rescue Addressable::URI::InvalidURIError
+        replace_with_content node
       end
 
       def whitelisted?(domain)

diff --git a/spec/html_spec.rb b/spec/html_spec.rb
@@ -45,6 +45,14 @@
           MARKUP
         end
       end
+
+      context 'content with invalid links' do
+        let(:html) { '<a href="http://"><span>a</span>www.фермаежей.рф<span>z</span></a>' }
+
+        it 'should return content without links' do
+          is_expected.to eq '<span>a</span>www.фермаежей.рф<span>z</span>'
+        end
+      end
     end
 
     context 'when whitelist passed' do

diff --git a/spec/string_tools_spec.rb b/spec/string_tools_spec.rb
@@ -31,6 +31,18 @@
       sanitized_string = described_class.sanitize(origin_str)
       expect(sanitized_string).to eq '<a href="http://www.xn--80ajbaetq5a8a.xn--p1ai/">www.фермаежей.рф</a>'
     end
+
+    it 'should delete links with invalid href but keep content' do
+      origin_str = '<a href="http://"><span>a</span>www.фермаежей.рф<span>z</span></a>'
+      sanitized_string = described_class.sanitize(origin_str)
+      expect(sanitized_string).to eq '<span>a</span>www.фермаежей.рф<span>z</span>'
+    end
+
+    it 'should delete images with invalid src' do
+      origin_str = '<span>a</span><img src="http://"/><span>z</span>'
+      sanitized_string = described_class.sanitize(origin_str)
+      expect(sanitized_string).to eq '<span>a</span><span>z</span>'
+    end
   end
 
   describe '#strip_all_tags_and_entities' do

diff --git a/string_tools.gemspec b/string_tools.gemspec
@@ -31,8 +31,8 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency 'bundler', '~> 1.7'
   spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rspec', '>= 2.14.0'
-  spec.add_development_dependency 'rspec-rails', '>= 2.14.0'
+  spec.add_development_dependency 'rspec', '>= 3.4'
+  spec.add_development_dependency 'rspec-rails', '>= 3.4'
   spec.add_development_dependency 'rspec-given', '~> 3.5'
   spec.add_development_dependency 'shoulda-matchers', '~> 2.0'
   spec.add_development_dependency 'appraisal', '>= 1.0.2'