diff --git a/lib/html_sanitizer.rb b/lib/html_sanitizer.rb
index 9dfd11718..02c9d4bca 100644
--- a/lib/html_sanitizer.rb
+++ b/lib/html_sanitizer.rb
@@ -401,7 +401,6 @@ cleanup html string:
 .delete("\t\n\r\u0000")
 .gsub(%r{/\*.*?\*/}, '')
 .gsub(//, '')
- .gsub(/\[.+?\]/, '')
 sanitize_attachment_disposition(cleaned_string)
 end
diff --git a/spec/lib/html_sanitizer_spec.rb b/spec/lib/html_sanitizer_spec.rb
index 970ea0d0c..ee214e8eb 100644
--- a/spec/lib/html_sanitizer_spec.rb
+++ b/spec/lib/html_sanitizer_spec.rb
@@ -194,6 +194,13 @@ RSpec.describe HtmlSanitizer do
 .to match(HtmlSanitizer::UNPROCESSABLE_HTML_MSG)
 end
 end
+
+ context 'with href links that contain square brackets' do
+ it 'correctly URL encodes them' do
+ expect(HtmlSanitizer.strict(+'example', true))
+ .to eq('example')
+ end
+ end
 end
 describe '.cleanup' do
diff --git a/test/unit/html_sanitizer_test.rb b/test/unit/html_sanitizer_test.rb
index eaf757965..6fadb2550 100644
--- a/test/unit/html_sanitizer_test.rb
+++ b/test/unit/html_sanitizer_test.rb
@@ -69,8 +69,8 @@ tt p://6 6.000146.0x7.147/">XSS', true), ''), '')
 assert_equal(HtmlSanitizer.strict(''), '')
 assert_equal(HtmlSanitizer.strict(''), '')
- assert_equal(HtmlSanitizer.strict('XXX'), 'XXX')
- assert_equal(HtmlSanitizer.strict('XXX', true), 'XXX')
+ assert_equal(HtmlSanitizer.strict('XXX'), 'XXX')
+ assert_equal(HtmlSanitizer.strict('XXX', true), 'XXX')
 assert_equal(HtmlSanitizer.strict(''), 'alert(1)')
 assert_equal(HtmlSanitizer.strict(''), '')
 assert_equal(HtmlSanitizer.strict('', true), '')
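Review bot: The `.gsub(/\[.+?\]/, '')` step is removed from the cleanup chain with nothing on the new side replacing it, so bracketed content in a link target now reaches `sanitize_attachment_disposition(cleaned_string)` unchanged; the new spec expects such brackets to come out URL-encoded, but no encoding step is visible in this diff, so presumably it lives elsewhere — worth confirming that every caller of this cleanup goes through it. A why-comment above the remaining `.gsub` calls would stop a later reader from re-adding the strip, e.g. `# square brackets are intentionally kept here; link targets are URL-encoded rather than stripped`. The enclosing method starts before this hunk, and the preceding `.gsub(//, '')` pattern looks garbled in this rendering, so check it against the real file.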
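Review bot: The new spec example exercises only `HtmlSanitizer.strict(..., true)`, while the unit test in test/unit/html_sanitizer_test.rb updates both the `strict('XXX')` and `strict('XXX', true)` forms; the spec should also pin the default path with the second argument omitted, otherwise a regression in bracket handling on that branch is covered by the legacy test alone. Adding `expect(HtmlSanitizer.strict(+'example')).to eq('example')` next to the existing expectation closes that gap. The example's markup appears stripped in this rendering, so the actual href under test cannot be checked from here.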