diff options
author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-10-15 11:36:58 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-10-15 11:36:58 +0000 |
commit | 738bb449efb5ce199a6b3a32d8b4d7de29c6d51b (patch) | |
tree | 27351b635011c3b4b0ea560a43f8cf3af3d61bdf | |
parent | 5aeb19962a9f9d573e909fa82643803b1a7f2d86 (diff) | |
download | redmine-738bb449efb5ce199a6b3a32d8b4d7de29c6d51b.tar.gz redmine-738bb449efb5ce199a6b3a32d8b4d7de29c6d51b.zip |
URL-escape additional characters with special meaning in the generated markup for dropped uploads (#26682).
Patch by Holger Just.
git-svn-id: http://svn.redmine.org/redmine/trunk@16995 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | public/javascripts/attachments.js | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/public/javascripts/attachments.js b/public/javascripts/attachments.js index 21ca97801..1baafc0bd 100644 --- a/public/javascripts/attachments.js +++ b/public/javascripts/attachments.js @@ -214,7 +214,8 @@ function addInlineAttachmentMarkup(file) { var cursorPosition = $textarea.prop('selectionStart'); var description = $textarea.val(); var sanitizedFilename = file.name.replace(/[\/\?\%\*\:\|\"\'<>\n\r]+/, '_'); - var inlineFilename = encodeURIComponent(sanitizedFilename); + var inlineFilename = encodeURIComponent(sanitizedFilename) + .replace(/[!()]/g, function(match) { return "%" + match.charCodeAt(0).toString(16) }); var newLineBefore = true; var newLineAfter = true; if(cursorPosition === 0 || description.substr(cursorPosition-1,1).match(/\r|\n/)) { |