From e077b3f1415c6f996d0de96487c78efe3eb2823f Mon Sep 17 00:00:00 2001
From: Neil Lalonde <neillalonde@gmail.com>
Date: Wed, 8 Feb 2017 15:34:42 -0500
Subject: [PATCH] FIX: composer should only feature links to external sites

---
 .../discourse/components/composer-title.js.es6       |  4 ++++
 .../acceptance/composer-topic-links-test.js.es6      | 12 ++++++++++++
 test/javascripts/helpers/create-pretender.js.es6     |  8 ++++++++
 3 files changed, 24 insertions(+)

diff --git a/app/assets/javascripts/discourse/components/composer-title.js.es6 b/app/assets/javascripts/discourse/components/composer-title.js.es6
index 1a2eb1bea7c..b664023aa18 100644
--- a/app/assets/javascripts/discourse/components/composer-title.js.es6
+++ b/app/assets/javascripts/discourse/components/composer-title.js.es6
@@ -54,6 +54,10 @@ export default Ember.Component.extend({
     if (!this.element || this.isDestroying || this.isDestroyed) { return; }
 
     if (this.get('isAbsoluteUrl') && (this.get('composer.reply')||"").length === 0) {
+
+      // only feature links to external sites
+      if (this.get('composer.title').match(new RegExp("^https?:\\/\\/" + window.location.hostname, "i"))) { return; }
+
       // Try to onebox. If success, update post body and title.
       this.set('composer.loading', true);
 
diff --git a/test/javascripts/acceptance/composer-topic-links-test.js.es6 b/test/javascripts/acceptance/composer-topic-links-test.js.es6
index 2ff236abe49..00ead70521f 100644
--- a/test/javascripts/acceptance/composer-topic-links-test.js.es6
+++ b/test/javascripts/acceptance/composer-topic-links-test.js.es6
@@ -40,3 +40,15 @@ test("no onebox result", () => {
     equal(find('.title-input input').val(), "http://www.example.com/nope-onebox.html", "title is unchanged");
   });
 });
+
+test("ignore internal links", () => {
+  visit("/");
+  click('#create-topic');
+  const title = "http://" + window.location.hostname + "/internal-page.html";
+  fillIn('#reply-title', title);
+  andThen(() => {
+    equal(find('.d-editor-preview').html().trim().indexOf('onebox'), -1, "onebox preview doesn't show");
+    equal(find('.d-editor-input').val().length, 0, "link isn't put into the post");
+    equal(find('.title-input input').val(), title, "title is unchanged");
+  });
+});
diff --git a/test/javascripts/helpers/create-pretender.js.es6 b/test/javascripts/helpers/create-pretender.js.es6
index 92e37105b00..8ed14ff788c 100644
--- a/test/javascripts/helpers/create-pretender.js.es6
+++ b/test/javascripts/helpers/create-pretender.js.es6
@@ -343,6 +343,14 @@ export default function() {
         ];
       }
 
+      if (request.queryParams.url.indexOf('/internal-page.html') > -1) {
+        return [
+          200,
+          {"Content-Type": "application/html"},
+          '<aside class="onebox"><article class="onebox-body"><h3><a href="/internal-page.html">Internal Page 4 U</a></h3></article></aside>'
+        ];
+      }
+
       return [404, {"Content-Type": "application/html"}, ''];;
     });
   });