Security Fix again, thanks to Yasin Soliman

PierreRambaud · Nov 14, 2017 · 9659f9b · 9659f9b
1 parent 52b9d60
commit 9659f9b
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    gemirro (0.14.0)
+    gemirro (0.15.0)
       builder (~> 3.2)
       confstruct (~> 1.0)
       erubis (~> 2.7)

diff --git a/lib/gemirro/server.rb b/lib/gemirro/server.rb
@@ -1,5 +1,6 @@
 require 'sinatra/base'
 require 'thin'
+require 'uri'
 
 module Gemirro
   ##
@@ -271,6 +272,16 @@ def spec_for(gemname, version, platform = 'ruby')
       def escape(string)
         Rack::Utils.escape_html(string)
       end
+
+      ##
+      # Homepage link
+      #
+      # @param [Gem] spec
+      # @return [String]
+      #
+      def homepage(spec)
+        URI.parse(URI.escape(spec.homepage))
+      end
     end
   end
 end
diff --git a/views/gem.erb b/views/gem.erb
@@ -31,7 +31,7 @@
             <ul class="list-group">
               <% spec.authors.each do |author| %>
                 <li class="list-group-item">
-                  <a href="<%= escape(spec.homepage) %>"><%= escape(author) %></a>
+                  <a href="<%= homepage(spec) %>"><%= escape(author) %></a>
                 </li>
               <% end %>
             </ul>