From 738bb449efb5ce199a6b3a32d8b4d7de29c6d51b Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sun, 15 Oct 2017 11:36:58 +0000
Subject: [PATCH] URL-escape additional characters with special meaning in the
 generated markup for dropped uploads (#26682).

Patch by Holger Just.

git-svn-id: http://svn.redmine.org/redmine/trunk@16995 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 public/javascripts/attachments.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/public/javascripts/attachments.js b/public/javascripts/attachments.js
index 21ca97801..1baafc0bd 100644
--- a/public/javascripts/attachments.js
+++ b/public/javascripts/attachments.js
@@ -214,7 +214,8 @@ function addInlineAttachmentMarkup(file) {
     var cursorPosition = $textarea.prop('selectionStart');
     var description = $textarea.val();
     var sanitizedFilename = file.name.replace(/[\/\?\%\*\:\|\"\'<>\n\r]+/, '_');
-    var inlineFilename = encodeURIComponent(sanitizedFilename);
+    var inlineFilename = encodeURIComponent(sanitizedFilename)
+      .replace(/[!()]/g, function(match) { return "%" + match.charCodeAt(0).toString(16) });
     var newLineBefore = true;
     var newLineAfter = true;
     if(cursorPosition === 0 || description.substr(cursorPosition-1,1).match(/\r|\n/)) {
-- 
2.39.5