FIX: Don't add a slug to constructed quote urls (#12052)

A topic with the slug 'topic' might exist and may end up being linked to by mistake when malformed (i.e. cross-site) quotes are posted.
2025-02-06 11:28:18 +00:00 · 2021-02-11 12:21:13 -06:00 · 2021-02-11 12:21:13 -06:00 · df8436cd7f
commit df8436cd7f
parent 578f753a13
2 changed files with 4 additions and 4 deletions
--- a/lib/pretty_text.rb
+++ b/lib/pretty_text.rb
@ -333,7 +333,7 @@ module PrettyText
    # extract quotes
    doc.css("aside.quote[data-topic]").each do |aside|
      if aside["data-topic"].present?
-        url = +"/t/topic/#{aside["data-topic"]}"
+        url = +"/t/#{aside["data-topic"]}"
        url << "/#{aside["data-post"]}" if aside["data-post"].present?
        links << DetectedLink.new(url, true)
      end
--- a/spec/components/pretty_text_spec.rb
+++ b/spec/components/pretty_text_spec.rb
@ -706,7 +706,7 @@ describe PrettyText do
    end

    it "should extract links to topics" do
-      expect(extract_urls("<aside class=\"quote\" data-topic=\"321\">aside</aside>")).to eq(["/t/topic/321"])
+      expect(extract_urls("<aside class=\"quote\" data-topic=\"321\">aside</aside>")).to eq(["/t/321"])
    end

    it "should lazyYT videos" do
@ -714,7 +714,7 @@ describe PrettyText do
    end

    it "should extract links to posts" do
-      expect(extract_urls("<aside class=\"quote\" data-topic=\"1234\" data-post=\"4567\">aside</aside>")).to eq(["/t/topic/1234/4567"])
+      expect(extract_urls("<aside class=\"quote\" data-topic=\"1234\" data-post=\"4567\">aside</aside>")).to eq(["/t/1234/4567"])
    end

    it "should not extract links to anchors" do
@ -734,7 +734,7 @@ describe PrettyText do
      expect(links.map { |l| [l.url, l.is_quote] }.sort).to eq([
        ["http://body_only.com", false],
        ["http://body_and_quote.com", false],
-        ["/t/topic/1234", true],
+        ["/t/1234", true],
      ].sort)
    end