Use uri_with_link_safe_scheme? in Redcloth3 (#38807).

Patch by Holger Just. git-svn-id: https://svn.redmine.org/redmine/trunk@22303 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-03-08 05:30:45 +01:00 · 2023-09-18 07:55:40 +00:00
parent ba181c7328
commit 303abf0783
1 changed files with 2 additions and 2 deletions
--- a/lib/redmine/wiki_formatting/textile/redcloth3.rb
+++ b/lib/redmine/wiki_formatting/textile/redcloth3.rb
@@ -841,7 +841,7 @@ class RedCloth3 < String
            end

            url = htmlesc(url.dup)
-            next all if url.downcase.start_with?('javascript:')
+            next all unless uri_with_link_safe_scheme?(url)

            atts = pba(atts)
            atts = +" href=\"#{url}#{slash}\"#{atts}"
@@ -965,7 +965,7 @@ class RedCloth3 < String
            next m unless uri_with_safe_scheme?(url.partition('?').first)
            if href
              href = htmlesc(href.dup)
-              next m if href.downcase.start_with?('javascript:')
+              next m unless uri_with_link_safe_scheme?(href)
            end

            out = +''