Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2026-02-01 04:09:56 +01:00
Code Issues Packages Projects Releases Activity

Merged r21101 from trunk to 4.2-stable (#35441).

Browse Source 
git-svn-id: http://svn.redmine.org/redmine/branches/4.2-stable@21108 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Go MAEDA
2021-07-28 23:36:57 +00:00
parent f7dca6a48d
commit baf25dcf76
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/redmine/wiki_formatting/textile/redcloth3.rb
View File

@@ -961,7 +961,7 @@ class RedCloth3 < String
href, alt_title = check_refs( href ) if href
url, url_title = check_refs( url )
next m unless uri_with_safe_scheme?(url)
next m unless uri_with_safe_scheme?(url.partition('?').first)
if href
href = htmlesc(href.dup)
next m if href.downcase.start_with?('javascript:')

2
test/helpers/application_helper_test.rb
View File

@@ -150,6 +150,8 @@ class ApplicationHelperTest < Redmine::HelperTest
'with title !http://foo.bar/image.jpg(This is a double-quoted "title")!' =>
'with title <img src="http://foo.bar/image.jpg" title="This is a double-quoted &quot;title&quot;" ' \
'alt="This is a double-quoted &quot;title&quot;" />',
'with query string !http://foo.bar/image.cgi?a=1&b=2!' =>
'with query string <img src="http://foo.bar/image.cgi?a=1&#38;b=2" alt="" />'
}
to_test.each {|text, result| assert_equal "<p>#{result}</p>", textilizable(text)}
end