Escape image urls in wiki formatted HTML text (#9245).

author Etienne Massip <etienne.massip@gmail.com>

Mon, 3 Oct 2011 21:45:17 +0000 (21:45 +0000)

committer Etienne Massip <etienne.massip@gmail.com>

Mon, 3 Oct 2011 21:45:17 +0000 (21:45 +0000)
author Etienne Massip <etienne.massip@gmail.com>
Mon, 3 Oct 2011 21:45:17 +0000 (21:45 +0000)
committer Etienne Massip <etienne.massip@gmail.com>
Mon, 3 Oct 2011 21:45:17 +0000 (21:45 +0000)
diff --git a/lib/redcloth3.rb b/lib/redcloth3.rb

index f4c6244373fd56376a197c3618fc0887d5ed8b61..8a33943dc01b5bcccdfbe415d91c63722ac83768 100644 (file)
--- a/lib/redcloth3.rb
+++ b/lib/redcloth3.rb
@@ -938,7 +938,7 @@ class RedCloth3 < String
              stln,algn,atts,url,title,href,href_a1,href_a2 = $~[1..8]
              htmlesc title
              atts = pba( atts )
-            atts = " src=\"#{ url }\"#{ atts }"
+            atts = " src=\"#{ htmlesc url.dup }\"#{ atts }"
              atts << " title=\"#{ title }\"" if title
              atts << " alt=\"#{ title }\"" 
              # size = @getimagesize($url);
author	Etienne Massip <etienne.massip@gmail.com>
	Mon, 3 Oct 2011 21:45:17 +0000 (21:45 +0000)
committer	Etienne Massip <etienne.massip@gmail.com>
	Mon, 3 Oct 2011 21:45:17 +0000 (21:45 +0000)