From 15d83f6ae2e3b52a79e761a63c86907a6161acec Mon Sep 17 00:00:00 2001
From: Makoto Scott-Hinkle <makoto.scotthinkle@gmail.com>
Date: Sat, 1 Oct 2016 13:53:08 -0700
Subject: [PATCH] Filter protocol-relative URLs in ExternalLinkFilter. Fixes
 issue #22742.

---
 .../22742-filter-protocol-relative-urls.yml        |  4 ++++
 lib/banzai/filter/external_link_filter.rb          |  2 +-
 .../lib/banzai/filter/external_link_filter_spec.rb | 14 ++++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/unreleased/22742-filter-protocol-relative-urls.yml

diff --git a/changelogs/unreleased/22742-filter-protocol-relative-urls.yml b/changelogs/unreleased/22742-filter-protocol-relative-urls.yml
new file mode 100644
index 00000000000..b331f5a4eb5
--- /dev/null
+++ b/changelogs/unreleased/22742-filter-protocol-relative-urls.yml
@@ -0,0 +1,4 @@
+---
+title: 'Filter protocol-relative URLs in ExternalLinkFilter. Fixes issue #22742'
+merge_request: 6635
+author: Makoto Scott-Hinkle
diff --git a/lib/banzai/filter/external_link_filter.rb b/lib/banzai/filter/external_link_filter.rb
index 2f19b59e725..d67d466bce8 100644
--- a/lib/banzai/filter/external_link_filter.rb
+++ b/lib/banzai/filter/external_link_filter.rb
@@ -10,7 +10,7 @@ module Banzai
             node.set_attribute('href', href)
           end
 
-          if href =~ /\Ahttp(s)?:\/\// && external_url?(href)
+          if href =~ %r{\A(https?:)?//[^/]} && external_url?(href)
             node.set_attribute('rel', 'nofollow noreferrer')
             node.set_attribute('target', '_blank')
           end
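Review bot: The pattern on the changed `if href =~ ...` line is still case-sensitive, so an href written with an upper- or mixed-case scheme (`HTTP://...`) would not match and the link would be left without `rel`/`target`, even though browsers treat the scheme case-insensitively. Unless the href is lower-cased earlier in the method (not visible here), I would add the `i` flag and drop the unused capture: `if href =~ %r{\A(?:https?:)?//[^/]}i && external_url?(href)`. `external_url?` is defined outside this hunk, so it is worth confirming that it resolves a scheme-less `//host` href to the right host rather than treating it as internal or raising. A short comment such as `# absolute http(s) or protocol-relative (//host) hrefs only; relative paths are never external` would explain the `[^/]` guard. The enclosing block begins and ends outside the hunk.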
diff --git a/spec/lib/banzai/filter/external_link_filter_spec.rb b/spec/lib/banzai/filter/external_link_filter_spec.rb
index 167397c736b..d9e4525cb28 100644
--- a/spec/lib/banzai/filter/external_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/external_link_filter_spec.rb
@@ -80,4 +80,18 @@ describe Banzai::Filter::ExternalLinkFilter, lib: true do
       expect(filter(act).to_html).to eq(exp)
     end
   end
+
+  context 'for protocol-relative links' do
+    let(:doc) { filter %q(<p><a href="//google.com/">Google</a></p>) }
+
+    it 'adds rel="nofollow" to external links' do
+      expect(doc.at_css('a')).to have_attribute('rel')
+      expect(doc.at_css('a')['rel']).to include 'nofollow'
+    end
+
+    it 'adds rel="noreferrer" to external links' do
+      expect(doc.at_css('a')).to have_attribute('rel')
+      expect(doc.at_css('a')['rel']).to include 'noreferrer'
+    end
+  end
 end
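Review bot: The new context only checks `rel` for one external host, so the `target` attribute set in the same branch of the filter and the non-matching cases are not pinned for protocol-relative links. I would add `expect(doc.at_css('a')['target']).to eq '_blank'` as a third example, and a negative example showing that a protocol-relative link to the instance's own host is left without `rel`, since that path depends on `external_url?` handling a scheme-less href. The two existing examples each repeat the `have_attribute('rel')` expectation; the `include 'nofollow'` / `include 'noreferrer'` assertion alone would be enough per example, as it already fails when the attribute is missing.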
-- 
GitLab