diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2020-02-02 10:19:16 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2020-02-02 10:19:16 +0000 |
| commit | e9d5b0b8dc7f22a31b788ec99f585e46818ba7fe (patch) | |
| tree | a87cb3d8c838cce423303e564b3342262c42832b /lib | |
| parent | 0cd14b3a4bdcd740f98fb4deb8afd71974888a40 (diff) | |
| download | redmine-e9d5b0b8dc7f22a31b788ec99f585e46818ba7fe.tar.gz redmine-e9d5b0b8dc7f22a31b788ec99f585e46818ba7fe.zip | |
White list protocols allowed for Textile links (#32934).
git-svn-id: http://svn.redmine.org/redmine/trunk@19489 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/redmine/wiki_formatting/textile/redcloth3.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/redmine/wiki_formatting/textile/redcloth3.rb b/lib/redmine/wiki_formatting/textile/redcloth3.rb index d33aede8d..80e0a3626 100644 --- a/lib/redmine/wiki_formatting/textile/redcloth3.rb +++ b/lib/redmine/wiki_formatting/textile/redcloth3.rb @@ -350,7 +350,7 @@ class RedCloth3 < String PUNCT = Regexp::quote( '!"#$%&\'*+,-./:;=?@\\^_`|~' ) PUNCT_NOQ = Regexp::quote( '!"#$&\',./:;=?@\\`|' ) PUNCT_Q = Regexp::quote( '*-_+^~%' ) - HYPERLINK = '(\S+?)([^\w\s/;=\?]*?)(?=\s|<|$)' + HYPERLINK = '(?=\/|https?:\/\/|s?ftps?:\/\/|www\.|mailto:)(\S+?)([^\w\s/;=\?]*?)(?=\s|<|$)' # Text markup tags, don't conflict with block tags SIMPLE_HTML_TAGS = [ @@ -815,7 +815,7 @@ class RedCloth3 < String (?:\(([^)]+?)\)(?="))? # $title ": ( # $url - (\/|[a-zA-Z]+:\/\/|www\.|mailto:) # $proto + (\/|https?:\/\/|s?ftps?:\/\/|www\.|mailto:) # $proto [[:alnum:]_\/]\S+? ) (\/)? # $slash |