Commit 0d0a9fd1 authored by emassip

Escape image urls in wiki formatted HTML text (#9245).

git-svn-id: https://svn.redmine.org/redmine/trunk@7570 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 32bd9688
...@@ -938,7 +938,7 @@ class RedCloth3 < String ...@@ -938,7 +938,7 @@ class RedCloth3 < String
stln,algn,atts,url,title,href,href_a1,href_a2 = $~[1..8] stln,algn,atts,url,title,href,href_a1,href_a2 = $~[1..8]
htmlesc title htmlesc title
atts = pba( atts ) atts = pba( atts )
atts = " src=\"#{ url }\"#{ atts }" atts = " src=\"#{ htmlesc url.dup }\"#{ atts }"
atts << " title=\"#{ title }\"" if title atts << " title=\"#{ title }\"" if title
atts << " alt=\"#{ title }\"" atts << " alt=\"#{ title }\""
# size = @getimagesize($url); # size = @getimagesize($url);
......
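Review bot: On the `src` line only `url` is escaped, while `href` from the same match (`$~[1..8]`) is not touched anywhere in this hunk; if it is interpolated into an `href="…"` attribute further down, it needs the same `htmlesc` treatment (the method body continues outside the hunk, so this cannot be confirmed from here). The `.dup` is also easy to lose in a later cleanup: `htmlesc title` two lines earlier is called purely for its side effect, so the helper appears to mutate its argument, and the copy presumably keeps `url` raw for later use. A comment such as `# htmlesc mutates in place; escape a copy so url stays raw below` would make that explicit. Escaping here addresses attribute breakout only; it does not constrain the URL scheme, so any scheme policy has to be enforced separately.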