From f1b4a561bad1cdb449c285eb190b6ab4b1addc93 Mon Sep 17 00:00:00 2001
From: Etienne Massip
Date: Mon, 3 Oct 2011 21:45:17 +0000
Subject: [PATCH] Escape image urls in wiki formatted HTML text (#9245).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7570 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 lib/redcloth3.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/redcloth3.rb b/lib/redcloth3.rb
index f4c624437..8a33943dc 100644
--- a/lib/redcloth3.rb
+++ b/lib/redcloth3.rb
@@ -938,7 +938,7 @@ class RedCloth3 < String
 stln,algn,atts,url,title,href,href_a1,href_a2 = $~[1..8]
 htmlesc title
 atts = pba( atts )
- atts = " src=\"#{ url }\"#{ atts }"
+ atts = " src=\"#{ htmlesc url.dup }\"#{ atts }"
 atts << " title=\"#{ title }\"" if title
 atts << " alt=\"#{ title }\""
 # size = @getimagesize($url);
--
2.39.5
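Review bot: `href` is captured in the same destructuring as `url` and `title` but is not escaped anywhere in the visible lines, so if the rest of the method (which continues outside this hunk) interpolates it into an `href="..."` attribute, it needs the same escaping at the point of use. The `url.dup` also deserves a comment: `htmlesc title` two lines above is called only for its side effect, which suggests htmlesc rewrites its argument in place, so something like `# htmlesc escapes in place; dup keeps url unescaped for later use` would stop a later cleanup from dropping the copy. The diffstat shows only lib/redcloth3.rb changed, so a regression test that renders an image whose URL contains a double quote, and asserts the quote cannot terminate the `src` attribute, would pin this fix.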