diff options
| -rw-r--r-- | lib/redmine/wiki_formatting/textile/redcloth3.rb | 2 | ||||
| -rw-r--r-- | test/helpers/application_helper_test.rb | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/lib/redmine/wiki_formatting/textile/redcloth3.rb b/lib/redmine/wiki_formatting/textile/redcloth3.rb index 3c43a54d9..2816e1c90 100644 --- a/lib/redmine/wiki_formatting/textile/redcloth3.rb +++ b/lib/redmine/wiki_formatting/textile/redcloth3.rb @@ -961,7 +961,7 @@ class RedCloth3 < String href, alt_title = check_refs( href ) if href url, url_title = check_refs( url ) - next m unless uri_with_safe_scheme?(url) + next m unless uri_with_safe_scheme?(url.partition('?').first) if href href = htmlesc(href.dup) next m if href.downcase.start_with?('javascript:') diff --git a/test/helpers/application_helper_test.rb b/test/helpers/application_helper_test.rb index 730023443..7226902e4 100644 --- a/test/helpers/application_helper_test.rb +++ b/test/helpers/application_helper_test.rb @@ -150,6 +150,8 @@ class ApplicationHelperTest < Redmine::HelperTest 'with title !http://foo.bar/image.jpg(This is a double-quoted "title")!' => 'with title <img src="http://foo.bar/image.jpg" title="This is a double-quoted "title"" ' \ 'alt="This is a double-quoted "title"" />', + 'with query string !http://foo.bar/image.cgi?a=1&b=2!' => + 'with query string <img src="http://foo.bar/image.cgi?a=1&b=2" alt="" />' } to_test.each {|text, result| assert_equal "<p>#{result}</p>", textilizable(text)} end |