From 4e024291a4531f47f7c254c1e49f1494630ddf39 Mon Sep 17 00:00:00 2001
From: Thorsten Eckel
Date: Mon, 26 Nov 2018 15:55:27 +0100
Subject: [PATCH] Improve performance by not checking empty strings or strings not containing ':' for URLs (issue #2374).
---
 lib/html_sanitizer.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/html_sanitizer.rb b/lib/html_sanitizer.rb
index 8077e81a6..904fa567d 100644
--- a/lib/html_sanitizer.rb
+++ b/lib/html_sanitizer.rb
@@ -30,7 +30,7 @@ satinize html string based on whiltelist
 scrubber_link = Loofah::Scrubber.new do |node|
 # wrap plain-text URLs in tags
- if node.is_a?(Nokogiri::XML::Text) && node.content.present? && node.content.include?(':') && node.ancestors.map(&:name).exclude?('a')
+ if node.is_a?(Nokogiri::XML::Text) && node.content.present? && node.content.include?(':') && node.ancestors.map(&:name).exclude?('a')
 urls = URI.extract(node.content, LINKABLE_URL_SCHEMES)
 .map { |u| u.sub(/[,.]$/, '') } # URI::extract captures trailing dots/commas
 .reject { |u| u.match?(/^[^:]+:$/) } # URI::extract will match, e.g., 'tel:'
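Review bot: In the new `if` condition, `node.content.present?` is redundant, because `node.content.include?(':')` is already false for an empty string, so the guard can shrink to `if node.is_a?(Nokogiri::XML::Text) && node.content.include?(':') && node.ancestors.map(&:name).exclude?('a')`. Since this sits in the sanitizer, the shortcut deserves a comment stating why it is safe, e.g. `# URI.extract with a scheme list only matches "scheme:...", so text without ':' has nothing to link`. That way a later change to `LINKABLE_URL_SCHEMES` or the extraction call prompts a second look at the pre-filter. As far as the hunk shows, a wrongly skipped node only stays plain text rather than being linked, so the failure mode is benign, but a regression test with a colon-free text node and a URL-bearing one would pin that. The scrubber block continues past the end of the hunk.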