Fix double-encoding of URLs, causing valid URLs to break and invalid …

…ones to be turned into links
auth10 · Aug 1, 2012 · f78e411 · f78e411
1 parent 25de2cd
commit f78e411
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 2 deletions.
diff --git a/JabbR.Tests/TextTransformFacts.cs b/JabbR.Tests/TextTransformFacts.cs
@@ -236,6 +236,34 @@ public void UrlWithCallbacks()
                 Assert.Equal(@"http://a.co/a.png#""onerror='alert(&quot;Eek!&quot;)'", result);
             }
 
+            [Fact]
+            public void UrlWithAmpersand()
+            {
+                //arrange
+                var message = "message http://google.com/?1&amp;2 continues on";
+                HashSet<string> extractedUrls;
+
+                //act
+                var result = TextTransform.TransformAndExtractUrls(message, out extractedUrls);
+
+                //assert
+                Assert.Equal("message <a rel=\"nofollow external\" target=\"_blank\" href=\"http://google.com/?1&amp;2\" title=\"http://google.com/?1&amp;2\">http://google.com/?1&amp;2</a> continues on", result);
+            }
+
+            [Fact]
+            public void UrlWithInvalidButEscapedCharacters()
+            {
+                //arrange
+                var message = "message http://google.com/&lt;a&gt; continues on";
+                HashSet<string> extractedUrls;
+
+                //act
+                var result = TextTransform.TransformAndExtractUrls(message, out extractedUrls);
+
+                //assert
+                Assert.Equal("message http://google.com/&lt;a&gt; continues on", result);
+            }
+
             [Fact]
             public void LocalHost()
             {

diff --git a/JabbR/Infrastructure/TextTransform.cs b/JabbR/Infrastructure/TextTransform.cs
@@ -50,7 +50,7 @@ public static string TransformAndExtractUrls(string message, out HashSet<string>
             var urls = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
             message = urlPattern.Replace(message, m =>
             {
-                string url = m.Value;
+                string url = HttpUtility.HtmlDecode(m.Value);
                 if (!url.Contains("://"))
                 {
                     url = "http://" + url;
@@ -61,7 +61,7 @@ public static string TransformAndExtractUrls(string message, out HashSet<string>
                     return m.Value;
                 }
 
-                urls.Add(HttpUtility.HtmlDecode(url));
+                urls.Add(url);
 
                 return String.Format(CultureInfo.InvariantCulture,
                                      "<a rel=\"nofollow external\" target=\"_blank\" href=\"{0}\" title=\"{1}\">{1}</a>",