Skip to content

Commit 7a93841

Browse files
authored
Transform HTTP to HTTPS for known domains in readme.md (#6710)
1 parent 6f2fc14 commit 7a93841

2 files changed

Lines changed: 9 additions & 5 deletions

File tree

src/NuGetGallery/Services/ReadMeService.cs

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -212,13 +212,15 @@ internal static string GetReadMeHtml(string readMeMd)
212212
var inline = node.Inline;
213213
if (inline != null && inline.Tag == InlineTag.Link)
214214
{
215-
// Allow only http or https links in markdown.
216-
Uri targetUri;
217-
if (!(Uri.TryCreate(inline.TargetUrl, UriKind.Absolute, out targetUri)
218-
&& (targetUri.Scheme == Uri.UriSchemeHttp || targetUri.Scheme == Uri.UriSchemeHttps)))
215+
// Allow only http or https links in markdown. Transform link to https for known domains.
216+
if (!PackageHelper.TryPrepareUrlForRendering(inline.TargetUrl, out string readyUriString))
219217
{
220218
inline.TargetUrl = string.Empty;
221219
}
220+
else
221+
{
222+
inline.TargetUrl = readyUriString;
223+
}
222224
}
223225
}
224226
}

tests/NuGetGallery.Facts/Services/ReadMeServiceFacts.cs

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -264,9 +264,11 @@ public void EncodesHtmlInMarkdown(string originalMd, string expectedHtml)
264264
[Theory]
265265
[InlineData("# Heading", "<h2>Heading</h2>")]
266266
[InlineData("- List", "<ul><li>List</li></ul>")]
267-
[InlineData("[text](http://www.test.com)", "<p><a href=\"http://www.test.com\" rel=\"nofollow\">text</a></p>")]
267+
[InlineData("[text](http://www.test.com)", "<p><a href=\"http://www.test.com/\" rel=\"nofollow\">text</a></p>")]
268268
[InlineData("[text](javascript:alert('hi'))", "<p><a href=\"\" rel=\"nofollow\">text</a></p>")]
269269
[InlineData("> <text>Blockquote</text>", "<blockquote><p>&lt;text&gt;Blockquote&lt;/text&gt;</p></blockquote>")]
270+
[InlineData("[text](http://www.asp.net)", "<p><a href=\"https://www.asp.net/\" rel=\"nofollow\">text</a></p>")]
271+
[InlineData("[text](badurl://www.asp.net)", "<p><a href=\"\" rel=\"nofollow\">text</a></p>")]
270272
public void ConvertsMarkdownToHtml(string originalMd, string expectedHtml)
271273
{
272274
Assert.Equal(expectedHtml, StripNewLines(ReadMeService.GetReadMeHtml(originalMd)));

0 commit comments

Comments
 (0)