authorNobuyoshi Nakada <nobu@ruby-lang.org>2022-04-13 16:14:07 +0900
committergit <svn-admin@ruby-lang.org>2022-10-07 12:09:21 +0900
commit9e3ab9da7fe6d4910a48d808e582e825d7b7467d (patch)
treeb21e32a14625d4eeb7ce389398e7818171e5aacd /lib/rdoc
parentdeaa65660822e070294d6c2a7dfec286cbbdff56 (diff)
[ruby/rdoc] Escape RDOCLINKs
https://hackerone.com/reports/1187156 https://github.com/ruby/rdoc/commit/7cecf1efae
Diffstat (limited to 'lib/rdoc')
-rw-r--r--lib/rdoc/markup/to_html.rb12
1 files changed, 5 insertions, 7 deletions
diff --git a/lib/rdoc/markup/to_html.rb b/lib/rdoc/markup/to_html.rb
index 3c4f82f748..ccafdb61ba 100644
--- a/lib/rdoc/markup/to_html.rb
+++ b/lib/rdoc/markup/to_html.rb
@@ -84,7 +84,7 @@ class RDoc::Markup::ToHtml < RDoc::Markup::Formatter
def handle_RDOCLINK url # :nodoc:
case url
when /^rdoc-ref:/
- $'
+ CGI.escapeHTML($')
when /^rdoc-label:/
text = $'
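Review bot: The `rdoc-ref:` pattern (and the `rdoc-label:` one below it) is anchored with `^`, which in Ruby matches at the start of any line, while the catch-all branch added later in this same method uses `\A`; a target containing a newline before `rdoc-ref:` would therefore still be dispatched here and `$'` would be only the remainder after that later match. Now that the value is escaped the consequence is a surprising non-link rather than markup injection, but anchoring all four branches the same way, `when /\Ardoc-ref:/`, keeps the dispatch consistent and avoids the per-line `^` footgun. handle_RDOCLINK continues past the end of this hunk.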
@@ -95,13 +95,11 @@ class RDoc::Markup::ToHtml < RDoc::Markup::Formatter
else text
end
- gen_url url, text
+ gen_url CGI.escapeHTML(url), CGI.escapeHTML(text)
when /^rdoc-image:/
- "<img src=\"#{$'}\">"
- else
- url =~ /\Ardoc-[a-z]+:/
-
- $'
+ %[<img src=\"#{CGI.escapeHTML($')}\">]
+ when /\Ardoc-[a-z]+:/
+ CGI.escapeHTML($')
end
end
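Review bot: For `rdoc-image:` the added `CGI.escapeHTML($')` stops the value from breaking out of the `src="…"` attribute, but it does not constrain what the attribute holds — an absolute URL with an arbitrary scheme passes through escaped but otherwise intact, so the output is attribute-safe rather than validated, and whether that is enough depends on how much the documentation source is trusted; restricting image targets to relative paths or `http(s)` before building the tag would be the stronger check. Separately, `gen_url CGI.escapeHTML(url), CGI.escapeHTML(text)` now escapes `url` before `gen_url` sees it; gen_url is not in this diff, so if it already escapes its arguments or uses `url` to derive a path, `&` will be double-encoded as `&amp;amp;` — worth confirming against its definition. The `%[<img src=\"…\">]` literal also carries a `\"` escape that is unnecessary inside `%[]`; `%[<img src="#{CGI.escapeHTML($')}">]` produces the same string.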