| @@ -0,0 +1,35 | |||||
|
|
1 | # Redmine - project management software | |||
|
|
2 | # Copyright (C) 2006-2016 Jean-Philippe Lang | |||
|
|
3 | # | |||
|
|
4 | # This program is free software; you can redistribute it and/or | |||
|
|
5 | # modify it under the terms of the GNU General Public License | |||
|
|
6 | # as published by the Free Software Foundation; either version 2 | |||
|
|
7 | # of the License, or (at your option) any later version. | |||
|
|
8 | # | |||
|
|
9 | # This program is distributed in the hope that it will be useful, | |||
|
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
|
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
|
|
12 | # GNU General Public License for more details. | |||
|
|
13 | # | |||
|
|
14 | # You should have received a copy of the GNU General Public License | |||
|
|
15 | # along with this program; if not, write to the Free Software | |||
|
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
|
|
17 | ||||
|
|
18 | require 'uri' | |||
|
|
19 | ||||
|
|
20 | module Redmine | |||
|
|
21 | module Helpers | |||
|
|
22 | module URL | |||
|
|
23 | def uri_with_safe_scheme?(uri, schemes = ['http', 'https', 'ftp', 'mailto', nil]) | |||
|
|
24 | # URLs relative to the current document or document root (without a protocol | |||
|
|
25 | # separator, should be harmless | |||
|
|
26 | return true unless uri.include? ":" | |||
|
|
27 | ||||
|
|
28 | # Other URLs need to be parsed | |||
|
|
29 | schemes.include? URI.parse(uri).scheme | |||
|
|
30 | rescue URI::InvalidURIError | |||
|
|
31 | false | |||
|
|
32 | end | |||
|
|
33 | end | |||
|
|
34 | end | |||
|
|
35 | end | |||
| @@ -22,8 +22,11 module Redmine | |||||
| 22 | module Markdown |
|
22 | module Markdown | |
| 23 | class HTML < Redcarpet::Render::HTML |
|
23 | class HTML < Redcarpet::Render::HTML | |
| 24 | include ActionView::Helpers::TagHelper |
|
24 | include ActionView::Helpers::TagHelper | |
|
|
25 | include Redmine::Helpers::URL | |||
| 25 |
|
26 | |||
| 26 | def link(link, title, content) |
|
27 | def link(link, title, content) | |
|
|
28 | return nil unless uri_with_safe_scheme?(link) | |||
|
|
29 | ||||
| 27 | css = nil |
|
30 | css = nil | |
| 28 | unless link && link.starts_with?('/') |
|
31 | unless link && link.starts_with?('/') | |
| 29 | css = 'external' |
|
32 | css = 'external' | |
General Comments 0
You need to be logged in to leave comments.
Login now