Module: Redmine::Helpers::URL
- Included in:
- ApplicationHelper, RedCloth3, FieldFormat::Base, WikiFormatting::CommonMark::SanitizationFilter
- Defined in:
- lib/redmine/helpers/url.rb
Instance Method Summary collapse
-
#uri_with_link_safe_scheme?(uri) ⇒ Boolean
safe to render links to given uri?.
-
#uri_with_safe_scheme?(uri, schemes = ['http', 'https', 'ftp', 'mailto', nil]) ⇒ Boolean
safe for resources fetched without user interaction?.
Instance Method Details
#uri_with_link_safe_scheme?(uri) ⇒ Boolean
safe to render links to given uri?
38 39 40 41 42 43 44 45 46 47 |
# File 'lib/redmine/helpers/url.rb', line 38 def uri_with_link_safe_scheme?(uri) # regexp adapted from Sanitize (we need to catch even invalid protocol specs) return true unless uri =~ /\A\s*([^\/#]*?)(?:\:|�*58|�*3a)/i # absolute scheme scheme = $1.downcase return false unless /\A[a-z][a-z0-9\+\.\-]*\z/.match?(scheme) # RFC 3986 %w(data javascript vbscript).none?(scheme) end |
#uri_with_safe_scheme?(uri, schemes = ['http', 'https', 'ftp', 'mailto', nil]) ⇒ Boolean
safe for resources fetched without user interaction?
26 27 28 29 30 31 32 33 34 35 |
# File 'lib/redmine/helpers/url.rb', line 26 def uri_with_safe_scheme?(uri, schemes = ['http', 'https', 'ftp', 'mailto', nil]) # URLs relative to the current document or document root (without a protocol # separator, should be harmless return true unless uri.to_s.include? ":" # Other URLs need to be parsed schemes.include? URI.parse(uri).scheme rescue URI::Error false end |