[DRE-maint] Bug#774748: patch
Antonio Terceiro
terceiro at debian.org
Sat Feb 21 14:09:55 UTC 2015
Hello Cédric,
On Tue, Feb 10, 2015 at 03:16:12PM +0100, Cédric Barboiron wrote:
> def image(opts)
> opts.delete(:align)
> opts[:alt] = opts[:title]
> - img = "<img src=\"#{escape_attribute opts[:src]}\"#{pba(opts)} alt=\"#{escape_attribute opts[:alt].to_s}\" />"
> - img = "<a href=\"#{escape_attribute opts[:href]}\">#{img}</a>" if opts[:href]
> + src = escape_uri(escape_attribute(opts[:src]))
> + href = escape_uri(escape_attribute(opts[:href])) if opts[:href]
> + img = "<img src=\"#{src}\"#{pba(opts)} alt=\"#{escape_attribute opts[:alt].to_s}\" />"
> + img = "<a href=\"#{href}\">#{img}</a>" if href
> img
> end
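Review bot: in the two added lines that compute src and href, escape_uri is applied to the output of escape_attribute, so what gets interpolated into the double-quoted attribute is whatever escape_uri returns, not attribute-escaped text. I would make attribute escaping the outermost step, i.e. escape_attribute(escape_uri(opts[:src])) and the same for href, or state in a comment that escape_uri's output is always attribute-safe. The hunk does not show escape_uri itself, so it is not possible to tell from these lines how it treats a javascript: scheme in href, which is the value that ends up in the clickable <a> wrapper; a test for that case alongside the change would settle it.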
I just tested both iceweasel and chromium and they do *not* do anything when
given img tags with a javascript: url; I would assume all browsers do
the same, so this patch seems more intrusive than necessary. I have a
patch of my own which I will upload soon.
Anyway, thanks for your contribution!
--
Antonio Terceiro <terceiro at debian.org>
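
An added example, not part of this thread and not RedCloth's code or either participant's patch: one way to build the same tag so that the URL scheme is checked against an allowlist and attribute escaping is the last step before interpolation. The names safe_url, escape_attr and image_tag and the allowlist contents are assumptions made for the illustration.

```ruby
# Hypothetical allowlist; not taken from RedCloth.
SAFE_SCHEMES = %w[http https mailto].freeze

HTML_ESCAPES = {
  "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
  '"' => "&quot;", "'" => "&#39;"
}.freeze

# Escape a value for use inside a quoted HTML attribute.
def escape_attr(value)
  value.to_s.gsub(/[&<>"']/, HTML_ESCAPES)
end

# Return the URL unchanged if it is relative or uses an allowlisted
# scheme, otherwise nil.
def safe_url(url)
  return nil if url.nil?
  # Browsers drop leading whitespace and embedded tabs/newlines when
  # parsing a URL, so remove them before looking for a scheme.
  probe = url.to_s.gsub(/[\x00-\x20]/, "")
  m = probe.match(/\A([a-zA-Z][a-zA-Z0-9+.\-]*):/)
  return nil if m && !SAFE_SCHEMES.include?(m[1].downcase)
  url.to_s
end

# Build <img>, optionally wrapped in <a>, from src/title/href options.
def image_tag(opts)
  src = safe_url(opts[:src])
  return "" unless src
  alt = escape_attr(opts[:title])
  img = %(<img src="#{escape_attr(src)}" alt="#{alt}" />)
  href = safe_url(opts[:href])
  # A rejected href drops the link but keeps the image.
  img = %(<a href="#{escape_attr(href)}">#{img}</a>) if href
  img
end
```
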