From ba635eace99f8552c3364d6b86b07043147c2dac Mon Sep 17 00:00:00 2001
From: Marius Balteanu <marius.balteanu@zitec.com>
Date: Tue, 4 Oct 2022 18:58:37 +0000
Subject: Escape blockquote citation in textile formatting (#37751).
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Patch by Jens Krämer.


git-svn-id: https://svn.redmine.org/redmine/trunk@21894 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 lib/redmine/wiki_formatting/textile/redcloth3.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/redmine/wiki_formatting/textile/redcloth3.rb b/lib/redmine/wiki_formatting/textile/redcloth3.rb
index dbb919ff1..b935db6b9 100644
--- a/lib/redmine/wiki_formatting/textile/redcloth3.rb
+++ b/lib/redmine/wiki_formatting/textile/redcloth3.rb
@@ -691,7 +691,7 @@ class RedCloth3 < String
 
     def textile_bq( tag, atts, cite, content )
         cite, cite_title = check_refs( cite )
-        cite = " cite=\"#{cite}\"" if cite
+        cite = " cite=\"#{htmlesc cite.dup}\"" if cite
         atts = shelve( atts ) if atts
         "\t<blockquote#{cite}>\n\t\t<p#{atts}>#{content}</p>\n\t</blockquote>"
     end
-- 
cgit v1.2.3