From 4ec5b1600a9ebdfba4a1276b000513d71eaee16c Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Fri, 19 Dec 2008 10:16:15 +0000 Subject: [PATCH] Escape double-quotes in image titles. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2144 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- lib/redcloth3.rb | 6 +++++- test/unit/helpers/application_helper_test.rb | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/redcloth3.rb b/lib/redcloth3.rb index 7898d721f..fd56a8752 100644 --- a/lib/redcloth3.rb +++ b/lib/redcloth3.rb @@ -435,12 +435,15 @@ class RedCloth3 < String # # Flexible HTML escaping # - def htmlesc( str, mode ) + def htmlesc( str, mode=:Quotes ) + if str str.gsub!( '&', '&' ) str.gsub!( '"', '"' ) if mode != :NoQuotes str.gsub!( "'", ''' ) if mode == :Quotes str.gsub!( '<', '<') str.gsub!( '>', '>') + end + str end # Search and replace for Textile glyphs (quotes, dashes, other symbols) @@ -914,6 +917,7 @@ class RedCloth3 < String def inline_textile_image( text ) text.gsub!( IMAGE_RE ) do |m| stln,algn,atts,url,title,href,href_a1,href_a2 = $~[1..8] + htmlesc title atts = pba( atts ) atts = " src=\"#{ url }\"#{ atts }" atts << " title=\"#{ title }\"" if title diff --git a/test/unit/helpers/application_helper_test.rb b/test/unit/helpers/application_helper_test.rb index 31bc1e49d..b3bc8e40d 100644 --- a/test/unit/helpers/application_helper_test.rb +++ b/test/unit/helpers/application_helper_test.rb @@ -70,6 +70,8 @@ class ApplicationHelperTest < HelperTestCase 'floating !>http://foo.bar/image.jpg!' => 'floating
', 'with class !(some-class)http://foo.bar/image.jpg!' => 'with class ', 'with style !{width:100px;height100px}http://foo.bar/image.jpg!' => 'with style ', + 'with title !http://foo.bar/image.jpg(This is a title)!' => 'with title This is a title', + 'with title !http://foo.bar/image.jpg(This is a double-quoted "title")!' => 'with title This is a double-quoted "title"', } to_test.each { |text, result| assert_equal "

#{result}

", textilizable(text) } end -- 2.39.5