diff options
| -rw-r--r-- | lib/redcloth3.rb | 3 | ||||
| -rw-r--r-- | lib/redmine/wiki_formatting/markdown/formatter.rb | 6 |
2 files changed, 9 insertions, 0 deletions
diff --git a/lib/redcloth3.rb b/lib/redcloth3.rb index f9c9054b8..b96ee7ab0 100644 --- a/lib/redcloth3.rb +++ b/lib/redcloth3.rb @@ -165,6 +165,7 @@ # class RedCloth::Textile.new( str ) class RedCloth3 < String + include Redmine::Helpers::URL VERSION = '3.0.4' DEFAULT_RULES = [:textile, :markdown] @@ -960,6 +961,8 @@ class RedCloth3 < String href, alt_title = check_refs( href ) if href url, url_title = check_refs( url ) + return m unless uri_with_safe_scheme?(url) + out = '' out << "<a#{ shelve( " href=\"#{ href }\"" ) }>" if href out << "<img#{ shelve( atts ) } />" diff --git a/lib/redmine/wiki_formatting/markdown/formatter.rb b/lib/redmine/wiki_formatting/markdown/formatter.rb index 2d6f66559..4afbc2fdd 100644 --- a/lib/redmine/wiki_formatting/markdown/formatter.rb +++ b/lib/redmine/wiki_formatting/markdown/formatter.rb @@ -43,6 +43,12 @@ module Redmine "<pre>" + CGI.escapeHTML(code) + "</pre>" end end + + def image(link, title, alt_text) + return unless uri_with_safe_scheme?(link) + + tag('img', :src => link, :alt => alt_text || "", :title => title) + end end class Formatter |