diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-12-19 10:16:15 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-12-19 10:16:15 +0000 |
| commit | 4ec5b1600a9ebdfba4a1276b000513d71eaee16c (patch) | |
| tree | cba1428a84f575819cdcd96b8d44d6ac0bede335 | |
| parent | 3ce1be14f7db2fcf6a2654a3ed5fe5c118119ec4 (diff) | |
| download | redmine-4ec5b1600a9ebdfba4a1276b000513d71eaee16c.tar.gz redmine-4ec5b1600a9ebdfba4a1276b000513d71eaee16c.zip | |
Escape double-quotes in image titles.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2144 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | lib/redcloth3.rb | 6 | ||||
| -rw-r--r-- | test/unit/helpers/application_helper_test.rb | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/lib/redcloth3.rb b/lib/redcloth3.rb index 7898d721f..fd56a8752 100644 --- a/lib/redcloth3.rb +++ b/lib/redcloth3.rb @@ -435,12 +435,15 @@ class RedCloth3 < String # # Flexible HTML escaping # - def htmlesc( str, mode ) + def htmlesc( str, mode=:Quotes ) + if str str.gsub!( '&', '&' ) str.gsub!( '"', '"' ) if mode != :NoQuotes str.gsub!( "'", ''' ) if mode == :Quotes str.gsub!( '<', '<') str.gsub!( '>', '>') + end + str end # Search and replace for Textile glyphs (quotes, dashes, other symbols) @@ -914,6 +917,7 @@ class RedCloth3 < String def inline_textile_image( text ) text.gsub!( IMAGE_RE ) do |m| stln,algn,atts,url,title,href,href_a1,href_a2 = $~[1..8] + htmlesc title atts = pba( atts ) atts = " src=\"#{ url }\"#{ atts }" atts << " title=\"#{ title }\"" if title diff --git a/test/unit/helpers/application_helper_test.rb b/test/unit/helpers/application_helper_test.rb index 31bc1e49d..b3bc8e40d 100644 --- a/test/unit/helpers/application_helper_test.rb +++ b/test/unit/helpers/application_helper_test.rb @@ -70,6 +70,8 @@ class ApplicationHelperTest < HelperTestCase 'floating !>http://foo.bar/image.jpg!' => 'floating <div style="float:right"><img src="http://foo.bar/image.jpg" alt="" /></div>', 'with class !(some-class)http://foo.bar/image.jpg!' => 'with class <img src="http://foo.bar/image.jpg" class="some-class" alt="" />', 'with style !{width:100px;height100px}http://foo.bar/image.jpg!' => 'with style <img src="http://foo.bar/image.jpg" style="width:100px;height100px;" alt="" />', + 'with title !http://foo.bar/image.jpg(This is a title)!' => 'with title <img src="http://foo.bar/image.jpg" title="This is a title" alt="This is a title" />', + 'with title !http://foo.bar/image.jpg(This is a double-quoted "title")!' => 'with title <img src="http://foo.bar/image.jpg" title="This is a double-quoted "title"" alt="This is a double-quoted "title"" />', } to_test.each { |text, result| assert_equal "<p>#{result}</p>", textilizable(text) } end |