From a5643efa14d47faecaf2dd3f5dcd71614a71251d Mon Sep 17 00:00:00 2001 From: Leo Franchi Date: Fri, 29 Mar 2013 15:17:33 -0400 Subject: [PATCH] Allow @ in urls (imported from commit cb2ffe4a8f050e732bb06ab4609997be35577417) --- zephyr/lib/bugdown/__init__.py | 20 +++++++++++--------- zephyr/tests.py | 11 ++++++++--- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/zephyr/lib/bugdown/__init__.py b/zephyr/lib/bugdown/__init__.py index 49dc6c1270..70595e1652 100644 --- a/zephyr/lib/bugdown/__init__.py +++ b/zephyr/lib/bugdown/__init__.py @@ -239,9 +239,10 @@ class Emoji(markdown.inlinepatterns.Pattern): return orig_syntax return make_emoji(name, orig_syntax) -def fixup_link(link): +def fixup_link(link, target_blank=True): """Set certain attributes we want on every link.""" - link.set('target', '_blank') + if target_blank: + link.set('target', '_blank') link.set('title', link.get('href')) @@ -257,6 +258,11 @@ def sanitize_url(url): # Bad url - so bad it couldn't be parsed. return '' + # If there is no scheme or netloc and there is a '@' in the path, + # treat it as a mailto: and set the appropriate scheme + if scheme == '' and netloc == '' and '@' in path: + scheme = 'mailto' + # Humbug modification: If scheme is not specified, assume http:// # It's unlikely that users want relative links within humbughq.com. # We re-enter sanitize_url because netloc etc. need to be re-parsed. @@ -287,23 +293,19 @@ def sanitize_url(url): # the colon check, which would also forbid a lot of legitimate URLs. # Url passes all tests. Return url as-is. - return urlparse.urlunparse(parts) + return urlparse.urlunparse((scheme, netloc, path, params, query, fragment)) def url_to_a(url): a = markdown.util.etree.Element('a') - if '@' in url: - href = 'mailto:' + url - else: - href = url - href = sanitize_url(href) + href = sanitize_url(url) if href is None: # Rejected by sanitize_url; render it as plain text. return url a.set('href', href) a.text = url - fixup_link(a) + fixup_link(a, not 'mailto:' in href[:7]) return a class AutoLink(markdown.inlinepatterns.Pattern): diff --git a/zephyr/tests.py b/zephyr/tests.py index 254257774d..cca617ea22 100644 --- a/zephyr/tests.py +++ b/zephyr/tests.py @@ -2016,6 +2016,8 @@ int x = 3 'http://web.archive.org/web/20120630032016/http://web.mit.edu/mitcard/idpolicies.html'), ('https://www.dropbox.com/sh/7d0ved3h5kf7dj8/_aD5_ceDFY?lst#f:Humbug-062-subscriptions-page-3rd-ver.fw.png', '

%s

', 'https://www.dropbox.com/sh/7d0ved3h5kf7dj8/_aD5_ceDFY?lst#f:Humbug-062-subscriptions-page-3rd-ver.fw.png'), + ('http://www.postgresql.org/message-id/14040.1364490185@sss.pgh.pa.us', '

%s

', + 'http://www.postgresql.org/message-id/14040.1364490185@sss.pgh.pa.us'), # XSS sanitization; URL is rendered as plain text ('javascript:alert(\'hi\');.com', "

javascript:alert('hi');.com

", ''), @@ -2039,8 +2041,7 @@ int x = 3 '

[foo](javascript:<i>"foo&bar"</i>)

', ''), # Emails - ('Sent to othello@humbughq.com', "

Sent to %s

", 'othello@humbughq.com'), - #('http://leo@foo.com/my/file', "

http://leo@foo.com/my/file

", ''), #broken for now + ('http://leo@foo.com/my/file', "

%s

", 'http://leo@foo.com/my/file'), ('http://example.com/something?with,commas,in,url, but not at end', "

%s, but not at end

", 'http://example.com/something?with,commas,in,url'), @@ -2076,7 +2077,11 @@ NY-Haskell/events/108707682/?a=co1.1_grp&rv=co1.1\">Haskell NYC Meetuplink

'), ('[YOLO](http://en.wikipedia.org/wiki/YOLO_(motto))', '

YOLO

') +>YOLO

'), + ('Sent to http_something_real@humbughq.com', '

Sent to http_something_real@humbughq.com

'), + ('Sent to othello@humbughq.com', '

Sent to \ +othello@humbughq.com

') ) for input, output in urls: