Module: Redmine::Helpers::URL

Included in:
ApplicationHelper, RedCloth3, FieldFormat::Base, WikiFormatting::CommonMark::SanitizationFilter
Defined in:
lib/redmine/helpers/url.rb

Instance Method Summary collapse

Instance Method Details

safe to render links to given uri?

Returns:

  • (Boolean)


38
39
40
41
42
43
44
45
46
47
# File 'lib/redmine/helpers/url.rb', line 38

def uri_with_link_safe_scheme?(uri)
  # regexp adapted from Sanitize (we need to catch even invalid protocol specs)
  return true unless uri =~ /\A\s*([^\/#]*?)(?:\:|&#0*58|&#x0*3a)/i

  # absolute scheme
  scheme = $1.downcase
  return false unless /\A[a-z][a-z0-9\+\.\-]*\z/.match?(scheme) # RFC 3986

  %w(data javascript vbscript).none?(scheme)
end

#uri_with_safe_scheme?(uri, schemes = ['http', 'https', 'ftp', 'mailto', nil]) ⇒ Boolean

safe for resources fetched without user interaction?

Returns:

  • (Boolean)


26
27
28
29
30
31
32
33
34
35
# File 'lib/redmine/helpers/url.rb', line 26

def uri_with_safe_scheme?(uri, schemes = ['http', 'https', 'ftp', 'mailto', nil])
  # URLs relative to the current document or document root (without a protocol
  # separator, should be harmless
  return true unless uri.to_s.include? ":"

  # Other URLs need to be parsed
  schemes.include? URI.parse(uri).scheme
rescue URI::Error
  false
end