Merged r7570 from trunk (#9245).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/1.2-stable@7578 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Etienne Massip <etienne.massip@gmail.com> 2011-10-04 19:29:00 +0000
committer: Etienne Massip <etienne.massip@gmail.com> 2011-10-04 19:29:00 +0000
commit: 0ef89ee4eaacb419f18a28ad8cdc0f6483054abf (patch)
tree: ec41ca7d100b0324a74256d4b91b2d19ea64604d
parent: 48136727280f38468c77924c0fa304b2add9737e (diff)
download: redmine-0ef89ee4eaacb419f18a28ad8cdc0f6483054abf.tar.gz
redmine-0ef89ee4eaacb419f18a28ad8cdc0f6483054abf.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/redcloth3.rb b/lib/redcloth3.rb
index f4c624437..8a33943dc 100644
--- a/lib/redcloth3.rb
+++ b/lib/redcloth3.rb
@@ -938,7 +938,7 @@ class RedCloth3 < String
             stln,algn,atts,url,title,href,href_a1,href_a2 = $~[1..8]
             htmlesc title
             atts = pba( atts )
-            atts = " src=\"#{ url }\"#{ atts }"
+            atts = " src=\"#{ htmlesc url.dup }\"#{ atts }"
             atts << " title=\"#{ title }\"" if title
             atts << " alt=\"#{ title }\"" 
             # size = @getimagesize($url);
author	Etienne Massip <etienne.massip@gmail.com>	2011-10-04 19:29:00 +0000
committer	Etienne Massip <etienne.massip@gmail.com>	2011-10-04 19:29:00 +0000
commit	0ef89ee4eaacb419f18a28ad8cdc0f6483054abf (patch)
tree	ec41ca7d100b0324a74256d4b91b2d19ea64604d
parent	48136727280f38468c77924c0fa304b2add9737e (diff)
download	redmine-0ef89ee4eaacb419f18a28ad8cdc0f6483054abf.tar.gz redmine-0ef89ee4eaacb419f18a28ad8cdc0f6483054abf.zip