Use uri_with_link_safe_scheme? in Redcloth3 (#38807).

Patch by Holger Just. git-svn-id: https://svn.redmine.org/redmine/trunk@22303 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Go MAEDA <maeda@farend.jp> 2023-09-18 07:55:40 +0000
committer: Go MAEDA <maeda@farend.jp> 2023-09-18 07:55:40 +0000
commit: 303abf07830720eb808db4019be7d544e8fa217c (patch)
tree: 9d6bd82d898dfb278f82cd886ec1d101cfd5633a /lib/redmine/wiki_formatting
parent: ba181c732806eed652e8b9990f22621c19590d77 (diff)
download: redmine-303abf07830720eb808db4019be7d544e8fa217c.tar.gz
redmine-303abf07830720eb808db4019be7d544e8fa217c.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/redmine/wiki_formatting/textile/redcloth3.rb b/lib/redmine/wiki_formatting/textile/redcloth3.rb
index a2b53997f..e319d90db 100644
--- a/lib/redmine/wiki_formatting/textile/redcloth3.rb
+++ b/lib/redmine/wiki_formatting/textile/redcloth3.rb
@@ -841,7 +841,7 @@ class RedCloth3 < String
             end
 
             url = htmlesc(url.dup)
-            next all if url.downcase.start_with?('javascript:')
+            next all unless uri_with_link_safe_scheme?(url)
 
             atts = pba(atts)
             atts = +" href=\"#{url}#{slash}\"#{atts}"
@@ -965,7 +965,7 @@ class RedCloth3 < String
             next m unless uri_with_safe_scheme?(url.partition('?').first)
             if href
               href = htmlesc(href.dup)
-              next m if href.downcase.start_with?('javascript:')
+              next m unless uri_with_link_safe_scheme?(href)
             end
 
             out = +''
author	Go MAEDA <maeda@farend.jp>	2023-09-18 07:55:40 +0000
committer	Go MAEDA <maeda@farend.jp>	2023-09-18 07:55:40 +0000
commit	303abf07830720eb808db4019be7d544e8fa217c (patch)
tree	9d6bd82d898dfb278f82cd886ec1d101cfd5633a /lib/redmine/wiki_formatting
parent	ba181c732806eed652e8b9990f22621c19590d77 (diff)
download	redmine-303abf07830720eb808db4019be7d544e8fa217c.tar.gz redmine-303abf07830720eb808db4019be7d544e8fa217c.zip