Merge branch 'security-sg-fix-frontend-uri-parse-regex-17-2' into '17-2-stable-ee'

Fixed frontend regex to parse URI

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4420



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Drew Blessing <drew@gitlab.com>
Co-authored-by: smriti <sgarg@gitlab.com>

app/views/doorkeeper/authorizations/new.html.haml

@@ -29,7 +29,7 @@
           = html_escape(_('Make sure you trust %{client_name} before authorizing.')) % { client_name: "<strong>#{html_escape(@pre_auth.client.name)}</strong>".html_safe }
       %p
         = html_escape(_('%{owner} %{created_date} ago.')) % { owner: auth_app_owner_text(@pre_auth.client.application.owner), created_date: time_ago_in_words(@pre_auth.client.application.created_at.to_date) }
-        - domain = URI.parse(@pre_auth.redirect_uri).host.gsub('www.', '')
+        - domain = URI.parse(@pre_auth.redirect_uri).host.gsub(/^www\./, '')
         - if @pre_auth.redirect_uri.start_with?('http://', 'https://') && domain != 'localhost'
           = html_escape(_('You will be redirected to %{domain} after authorizing.')) % { domain: "<strong>#{domain}</strong>".html_safe }
   %div

spec/controllers/oauth/authorizations_controller_spec.rb

@@ -150,6 +150,18 @@
               expect(response.body).to have_css('p.gl-text-green-500', text: 'This application is provided by GitLab.')
               expect(response.body).to have_css('[data-testid="tanuki-verified-icon"]')
             end
+
+            context 'when redirect uri has www pattern' do
+              before do
+                application.redirect_uri = "http://www.examplewww.com"
+                application.save!
+              end
+
+              it 'substitutes pattern correctly on display' do
+                subject
+                expect(response.body).to have_css('p', text: "You will be redirected to examplewww.com")
+              end
+            end
           end
           context 'when not on GitLab.com' do