From e9f7a26bba75a4bfa91d85cab3595e4478219500 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy@rymai.me>
Date: Wed, 21 Dec 2016 18:47:53 +0000
Subject: Merge branch '22742-filter-protocol-relative-urls' into 'master'

Filter protocol-relative URLs in ExternalLinkFilter. Fixes issue #22742.

Closes #22742

See merge request !6635
---
 .../unreleased/22742-filter-protocol-relative-urls.yml     |  4 ++++
 lib/banzai/filter/external_link_filter.rb                  |  2 +-
 spec/lib/banzai/filter/external_link_filter_spec.rb        | 14 ++++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/unreleased/22742-filter-protocol-relative-urls.yml

diff --git a/changelogs/unreleased/22742-filter-protocol-relative-urls.yml b/changelogs/unreleased/22742-filter-protocol-relative-urls.yml
new file mode 100644
index 00000000000..b331f5a4eb5
--- /dev/null
+++ b/changelogs/unreleased/22742-filter-protocol-relative-urls.yml
@@ -0,0 +1,4 @@
+---
+title: 'Filter protocol-relative URLs in ExternalLinkFilter. Fixes issue #22742'
+merge_request: 6635
+author: Makoto Scott-Hinkle
diff --git a/lib/banzai/filter/external_link_filter.rb b/lib/banzai/filter/external_link_filter.rb
index 2f19b59e725..d67d466bce8 100644
--- a/lib/banzai/filter/external_link_filter.rb
+++ b/lib/banzai/filter/external_link_filter.rb
@@ -10,7 +10,7 @@ module Banzai
             node.set_attribute('href', href)
           end
 
-          if href =~ /\Ahttp(s)?:\/\// && external_url?(href)
+          if href =~ %r{\A(https?:)?//[^/]} && external_url?(href)
             node.set_attribute('rel', 'nofollow noreferrer')
             node.set_attribute('target', '_blank')
           end
diff --git a/spec/lib/banzai/filter/external_link_filter_spec.rb b/spec/lib/banzai/filter/external_link_filter_spec.rb
index 167397c736b..d9e4525cb28 100644
--- a/spec/lib/banzai/filter/external_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/external_link_filter_spec.rb
@@ -80,4 +80,18 @@ describe Banzai::Filter::ExternalLinkFilter, lib: true do
       expect(filter(act).to_html).to eq(exp)
     end
   end
+
+  context 'for protocol-relative links' do
+    let(:doc) { filter %q(<p><a href="//google.com/">Google</a></p>) }
+
+    it 'adds rel="nofollow" to external links' do
+      expect(doc.at_css('a')).to have_attribute('rel')
+      expect(doc.at_css('a')['rel']).to include 'nofollow'
+    end
+
+    it 'adds rel="noreferrer" to external links' do
+      expect(doc.at_css('a')).to have_attribute('rel')
+      expect(doc.at_css('a')['rel']).to include 'noreferrer'
+    end
+  end
 end
-- 
cgit v1.2.3