diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2010-03-24 20:26:22 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2010-03-24 20:26:22 +0000 |
| commit | 8cdcf308bef6a2ad9ee4fcf60ae9d716f6c562e8 (patch) | |
| tree | 0eb31156bc692f172ed19595b02e73c1e17ebb7b /lib | |
| parent | 84dfff5957d4486258a1e4a30b9a72933278c1df (diff) | |
| download | redmine-8cdcf308bef6a2ad9ee4fcf60ae9d716f6c562e8.tar.gz redmine-8cdcf308bef6a2ad9ee4fcf60ae9d716f6c562e8.zip | |
Escape href attribute in auto links (#5179).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3612 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/redcloth3.rb | 2 | ||||
| -rw-r--r-- | lib/redmine/wiki_formatting/textile/formatter.rb | 6 |
2 files changed, 5 insertions, 3 deletions
diff --git a/lib/redcloth3.rb b/lib/redcloth3.rb index 045d44f5d..fa48b2db9 100644 --- a/lib/redcloth3.rb +++ b/lib/redcloth3.rb @@ -825,7 +825,7 @@ class RedCloth3 < String post = ")"+post # add closing parenth to post end atts = pba( atts ) - atts = " href=\"#{ url }#{ slash }\"#{ atts }" + atts = " href=\"#{ htmlesc url }#{ slash }\"#{ atts }" atts << " title=\"#{ htmlesc title }\"" if title atts = shelve( atts ) if atts diff --git a/lib/redmine/wiki_formatting/textile/formatter.rb b/lib/redmine/wiki_formatting/textile/formatter.rb index e0cdd6aa3..7645e0206 100644 --- a/lib/redmine/wiki_formatting/textile/formatter.rb +++ b/lib/redmine/wiki_formatting/textile/formatter.rb @@ -21,6 +21,7 @@ module Redmine module WikiFormatting module Textile class Formatter < RedCloth3 + include ActionView::Helpers::TagHelper # auto_link rule after textile rules so that it doesn't break !image_url! tags RULES = [:textile, :block_markdown_rule, :inline_auto_link, :inline_auto_mailto, :inline_toc] @@ -134,7 +135,8 @@ module Redmine url=url[0..-2] # discard closing parenth from url post = ")"+post # add closing parenth to post end - %(#{leading}<a class="external" href="#{proto=="www."?"http://www.":proto}#{url}">#{proto + url}</a>#{post}) + tag = content_tag('a', proto + url, :href => "#{proto=="www."?"http://www.":proto}#{url}", :class => 'external') + %(#{leading}#{tag}#{post}) end end end @@ -146,7 +148,7 @@ module Redmine if text.match(/<a\b[^>]*>(.*)(#{Regexp.escape(mail)})(.*)<\/a>/) mail else - %{<a href="mailto:#{mail}" class="email">#{mail}</a>} + content_tag('a', mail, :href => "mailto:#{mail}", :class => "email") end end end |