Validate URLs against supply-chain attacks

Unfortunately validates_url gem doesn't support mailto or xmpp urls, so we need to write our own validation.
2022-11-02 18:21:00 +00:00 · 2022-11-02 18:21:00 +00:00 · af6fec502a
commit af6fec502a
parent 7e5cbe87ed
3 changed files with 45 additions and 1 deletions
--- a/app/views/site/communities.html.erb
+++ b/app/views/site/communities.html.erb
@ -9,7 +9,13 @@
 <p><%= t ".local_chapters.list_text" %></p>
 <ul>
  <% @local_chapters.each do |chapter| %>
-    <li><a href="<%= chapter.url %>"><%= t "osm_community_index.communities.#{chapter.id}.name" %></a></li>
+    <li>
+      <% if chapter.url %>
+        <a href="<%= chapter.url %>"><%= t "osm_community_index.communities.#{chapter.id}.name" %></a>
+      <% else %>
+        <%= t "osm_community_index.communities.#{chapter.id}.name" %>
+      <% end %>
+    </li>
  <% end %>
 </ul>