author | Douwe Maan <douwe@gitlab.com> | 2015-04-10 19:27:42 +0300 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-04-10 19:30:49 +0300 |
commit | 6cf7dd625a7db143c146de1b146cba7dbcbc2576 (patch) | |
tree | 71155400960473dce634f4a18721c5be1fe8e798 /app/models/user.rb | |
parent | 24d139ba971cf61a4b7a01031c4c57bcba29b172 (diff) |
Fix persistent XSS vulnerability around profile website URLs.
Diffstat (limited to 'app/models/user.rb')
-rw-r--r-- | app/models/user.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 515f29ea0ba..e2b6757bc4d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -486,13 +486,13 @@ class User < ActiveRecord::Base
 end
 def full_website_url
- return "http://#{website_url}" if website_url !~ /^https?:\/\//
+ return "http://#{website_url}" if website_url !~ /\Ahttps?:\/\//
 website_url
 end
 def short_website_url
- website_url.gsub(/https?:\/\//, '')
+ website_url.sub(/\Ahttps?:\/\//, '')
 end
 def all_ssh_keys |
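Review bot: The anchored scheme pattern `/\Ahttps?:\/\//` is now written out twice, in `full_website_url` and in `short_website_url`, and nothing records why it uses `\A`, so a later edit could put `^` back, which in Ruby matches after any newline inside the value. I would hoist it into one class-level constant with a why-comment, e.g. `WEBSITE_SCHEME = /\Ahttps?:\/\//` preceded by `# \A, not ^: ^ matches at every line start, so a multi-line value could pass the scheme check`, and use it in both methods. The pattern is also case-sensitive, so a value such as `HTTP://example.com` gets a second `http://` prepended by `full_website_url`; adding the `i` flag would cover that. Both methods call `website_url` without a nil guard, so presumably the column is never NULL, but that is not visible in this hunk.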