From deaa65660822e070294d6c2a7dfec286cbbdff56 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada
Date: Mon, 28 Mar 2022 18:36:56 +0900
Subject: [ruby/rdoc] Escape TIDYLINKs
https://hackerone.com/reports/1187156
https://github.com/ruby/rdoc/commit/1ad2dd3ca2
---
 lib/rdoc/markup/to_html.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'lib/rdoc')
diff --git a/lib/rdoc/markup/to_html.rb b/lib/rdoc/markup/to_html.rb
index 61f14d3ab7..3c4f82f748 100644
--- a/lib/rdoc/markup/to_html.rb
+++ b/lib/rdoc/markup/to_html.rb
@@ -154,9 +154,13 @@ class RDoc::Markup::ToHtml < RDoc::Markup::Formatter
 text =~ /^\{(.*)\}\[(.*?)\]$/ or
 text =~ /^(\S+)\[(.*?)\]$/
 label = $1
- url = $2
+ url = CGI.escapeHTML($2)
- label = handle_RDOCLINK label if /^rdoc-image:/ =~ label
+ if /^rdoc-image:/ =~ label
+ label = handle_RDOCLINK(label)
+ else
+ label = CGI.escapeHTML(label)
+ end
 gen_url url, label
 end
--
cgit v1.2.3
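Review bot: The `rdoc-image:` branch still passes the raw label to `handle_RDOCLINK(label)` with no escaping, so the fix is complete only if that method escapes the image path before building its markup. It is defined outside this hunk, so confirm it there or escape the path inside it. Separately, `CGI.escapeHTML($2)` keeps the URL from breaking out of its attribute but does not restrict the URL scheme, so any scheme allow-listing has to happen in `gen_url`, which is also not shown. A comment above the branch would record why the two paths differ, for example `# rdoc-image labels are rendered by handle_RDOCLINK, which must escape the path; every other label is escaped here`. The enclosing method starts before the hunk, and a regression test with HTML metacharacters in both the label and the URL would pin the behaviour.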