diff options
| -rw-r--r-- | lib/rdoc/markup/to_html.rb | 2 | ||||
| -rw-r--r-- | test/rdoc/test_rdoc_markup_to_html.rb | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/lib/rdoc/markup/to_html.rb b/lib/rdoc/markup/to_html.rb index ccafdb61ba..bf323074de 100644 --- a/lib/rdoc/markup/to_html.rb +++ b/lib/rdoc/markup/to_html.rb @@ -123,7 +123,7 @@ class RDoc::Markup::ToHtml < RDoc::Markup::Formatter # Reference to a local file relative to the output directory. def handle_regexp_HYPERLINK(target) - url = target.text + url = CGI.escapeHTML(target.text) gen_url url, url end diff --git a/test/rdoc/test_rdoc_markup_to_html.rb b/test/rdoc/test_rdoc_markup_to_html.rb index 3e4a8e8915..d11c2a4ed7 100644 --- a/test/rdoc/test_rdoc_markup_to_html.rb +++ b/test/rdoc/test_rdoc_markup_to_html.rb @@ -836,6 +836,11 @@ EXPECTED assert_equal '<a href="irc://irc.freenode.net/#ruby-lang">irc.freenode.net/#ruby-lang</a>', link end + def test_handle_regexp_HYPERLINK_escape + code = 'irc://irc.freenode.net/"><script>alert(`irc`)</script><a"' + assert_escaped '<script>', code + end + def test_list_verbatim_2 str = "* one\n verb1\n verb2\n* two\n" |