From c143c2c7abd87ca916115bbca0053a3795b13ad4 Mon Sep 17 00:00:00 2001 From: Yohan Boniface Date: Sat, 4 Aug 2018 14:24:34 +0200 Subject: [PATCH] Poor man escaping of an URL used as query string fix #607 --- umap/static/umap/js/umap.core.js | 1 + umap/static/umap/test/Util.js | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/umap/static/umap/js/umap.core.js b/umap/static/umap/js/umap.core.js index c78a27bd..7fcb521b 100644 --- a/umap/static/umap/js/umap.core.js +++ b/umap/static/umap/js/umap.core.js @@ -73,6 +73,7 @@ L.Util.toHTML = function (r) { // links r = r.replace(/(\[\[http)/g, '[[h_t_t_p'); // Escape for avoiding clash between [[http://xxx]] and http://xxx r = r.replace(/({{http)/g, '{{h_t_t_p'); + r = r.replace(/(=http)/g, '=h_t_t_p'); // http://xxx as query string, see https://github.com/umap-project/umap/issues/607 r = r.replace(/(https?:[^ \<)\n]*)/g, '$1'); r = r.replace(/\[\[(h_t_t_ps?:[^\]|]*?)\]\]/g, '$1'); r = r.replace(/\[\[(h_t_t_ps?:[^|]*?)\|(.*?)\]\]/g, '$2'); diff --git a/umap/static/umap/test/Util.js b/umap/static/umap/test/Util.js index 337fbf52..0dc3b22a 100644 --- a/umap/static/umap/test/Util.js +++ b/umap/static/umap/test/Util.js @@ -94,6 +94,10 @@ describe('L.Util', function () { assert.equal(L.Util.toHTML('A simple iframe: {{{https://osm.org/?url=https%3A//anotherurl.com}}}'), 'A simple iframe: '); }); + it('http link with http link as parameter as variable', function () { + assert.equal(L.Util.toHTML('A phrase with a [[http://iframeurl.com?to=http://another.com]].'), 'A phrase with a http://iframeurl.com?to=http://another.com.'); + }); + }); describe('#escapeHTML', function () {