Bug 1519240 - Markdown comments ruin links wrapped in <>
authorDylan William Hardison <dylan@hardison.net>
Fri, 11 Jan 2019 02:14:22 +0000 (21:14 -0500)
committerGitHub <noreply@github.com>
Fri, 11 Jan 2019 02:14:22 +0000 (21:14 -0500)
Bugzilla/Markdown.pm
t/markdown.t

index c90772fcaf3ceae2de7519fd8f67a7e3c7ff4b57..8f38788a5a11e99844a6859b8284a7b848270215 100644 (file)
@@ -47,7 +47,8 @@ sub render_html {
   no warnings 'utf8'; # this is needed because our perl is so old.
   # This is a bit faster since it doesn't engage the regex engine.
   # Replace < with \x{FDD4}, and remove \x{FDD4}.
-  $markdown =~ tr/<\x{FDD4}/\x{FDD4}/d;
+  $markdown =~ tr/\x{FDD4}//d;
+  $markdown =~ s{<(?!https?://)}{\x{FDD4}}gs;
   my @valid_text_parent_tags = ('p', 'li', 'td');
   my @bad_tags               = qw( img );
   my $bugzilla_shorthand     = $self->bugzilla_shorthand;
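Review bot: The new lookahead on line 17 exempts every `<` that is followed by `http://` or `https://`, not just well-formed autolinks, so an input such as `<https://example.com onmouseover=x>` (whitespace, or no closing `>`) now reaches the Markdown engine with a literal `<` and the neutralisation this substitution was meant to provide depends on how that engine and the tag filtering further down treat it, which is not visible in this hunk. Tightening the exemption to a complete autolink, `$markdown =~ s{<(?!https?://[^\s<>]*>)}{\x{FDD4}}gs;`, keeps the bug's fix while still replacing any other `<` with the placeholder. The comment on lines 13-14 is also stale: it still says the code avoids the regex engine and "Replace < with \x{FDD4}", but the substitution now uses a regex and leaves URL-prefixed `<` alone; I would reword it to `# Strip any pre-existing \x{FDD4} placeholders, then neutralise every "<" except the start of an <http(s)://...> autolink.` The body of render_html continues past this hunk.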
index 23f6692d137a147cd5f7419189c53f984b29b9b3..35d7da4f458e9708b81e2dcb9838aabc57e1e6be 100644 (file)
@@ -11,6 +11,7 @@ use lib qw( . lib local/lib/perl5 );
 
 use Bugzilla::Test::MockDB;
 use Bugzilla::Test::MockParams (password_complexity => 'no_constraints');
+use Mojo::DOM;
 use Bugzilla;
 use Test2::V0;
 
@@ -77,4 +78,17 @@ HTML
 
 is($parser->render_html($table_markdown), $table_html, 'Table extension');
 
+{
+  no warnings 'utf8';
+  is($parser->render_html("\x{FDD4}"), "", "strips out PUA char");
+}
+
+my $angle_link =  $parser->render_html("<https://searchfox.org/mozilla-central/rev/76fe4bb385348d3f45bbebcf69ba8c7283dfcec7/mobile/android/base/java/org/mozilla/gecko/toolbar/SecurityModeUtil.java#101>");
+
+my $angle_link_dom = Mojo::DOM->new($angle_link);
+my $ahref = $angle_link_dom->at('a[href]');
+is($ahref->attr('href'), 'https://searchfox.org/mozilla-central/rev/76fe4bb385348d3f45bbebcf69ba8c7283dfcec7/mobile/android/base/java/org/mozilla/gecko/toolbar/SecurityModeUtil.java#101', 'angle links are parsed properly');
+
+is($parser->render_html('<foo>'), "<p>&lt;foo&gt;</p>\n", "literal tags work");
+
 done_testing;
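Review bot: The new tests only cover a well-formed `<https://…>` autolink (line 39) and a plain `<foo>` (line 45); nothing pins the behaviour of a `<` followed by `https://` that is not a valid autolink, which is exactly the case the lookahead in Bugzilla/Markdown.pm now lets through. I would add `like($parser->render_html("<https://example.com onmouseover=x>"), qr/&lt;https/, 'malformed angle link is escaped');` next to the literal-tag test so a later change to the regex cannot silently widen what survives as raw markup. The description on line 36 also misnames U+FDD4: it is a Unicode noncharacter, not a private-use character, so `"strips out placeholder noncharacter"` would be accurate.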