From cbc34f2c5b3cc0e40144886cc37d5c6c1ec9839e Mon Sep 17 00:00:00 2001
From: Go MAEDA <maeda@farend.jp>
Date: Mon, 11 Feb 2019 15:55:31 +0000
Subject: Preview URL in Wiki Toolbar should be escaped (#30758).

Patch by Vincent Robert.


git-svn-id: http://svn.redmine.org/redmine/trunk@17856 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 lib/redmine/wiki_formatting/markdown/helper.rb | 2 +-
 lib/redmine/wiki_formatting/textile/helper.rb  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/redmine/wiki_formatting/markdown/helper.rb b/lib/redmine/wiki_formatting/markdown/helper.rb
index fac2f8bf3..fb9f1a939 100644
--- a/lib/redmine/wiki_formatting/markdown/helper.rb
+++ b/lib/redmine/wiki_formatting/markdown/helper.rb
@@ -22,7 +22,7 @@ module Redmine
         def wikitoolbar_for(field_id, preview_url = preview_text_path)
           heads_for_wiki_formatter
           url = "#{Redmine::Utils.relative_url_root}/help/#{current_language.to_s.downcase}/wiki_syntax_markdown.html"
-          javascript_tag("var wikiToolbar = new jsToolBar(document.getElementById('#{field_id}')); wikiToolbar.setHelpLink('#{escape_javascript url}'); wikiToolbar.setPreviewUrl('#{preview_url}'); wikiToolbar.draw();")
+          javascript_tag("var wikiToolbar = new jsToolBar(document.getElementById('#{field_id}')); wikiToolbar.setHelpLink('#{escape_javascript url}'); wikiToolbar.setPreviewUrl('#{escape_javascript preview_url}'); wikiToolbar.draw();")
         end
 
         def initial_page_content(page)
diff --git a/lib/redmine/wiki_formatting/textile/helper.rb b/lib/redmine/wiki_formatting/textile/helper.rb
index 6e8ba9812..e536a29dc 100644
--- a/lib/redmine/wiki_formatting/textile/helper.rb
+++ b/lib/redmine/wiki_formatting/textile/helper.rb
@@ -23,7 +23,7 @@ module Redmine
           heads_for_wiki_formatter
           # Is there a simple way to link to a public resource?
           url = "#{Redmine::Utils.relative_url_root}/help/#{current_language.to_s.downcase}/wiki_syntax_textile.html"
-          javascript_tag("var wikiToolbar = new jsToolBar(document.getElementById('#{field_id}')); wikiToolbar.setHelpLink('#{escape_javascript url}'); wikiToolbar.setPreviewUrl('#{preview_url}'); wikiToolbar.draw();")
+          javascript_tag("var wikiToolbar = new jsToolBar(document.getElementById('#{field_id}')); wikiToolbar.setHelpLink('#{escape_javascript url}'); wikiToolbar.setPreviewUrl('#{escape_javascript preview_url}'); wikiToolbar.draw();")
         end
 
         def initial_page_content(page)
-- 
cgit v1.2.3