lib/redcloth/formatters/html.rb in RedCloth-4.3.0 vs lib/redcloth/formatters/html.rb in RedCloth-4.3.1
- old
+ new
@@ -117,14 +117,18 @@
"<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>"
end
end
def image(opts)
- opts.delete(:align)
- opts[:alt] = opts[:title]
- img = "<img src=\"#{escape_attribute opts[:src]}\"#{pba(opts)} alt=\"#{escape_attribute opts[:alt].to_s}\" />"
- img = "<a href=\"#{escape_attribute opts[:href]}\">#{img}</a>" if opts[:href]
- img
+ if (filter_html || sanitize_html) && ( opts[:src] =~ /^\s*javascript:/ || opts[:href] =~ /^\s*javascript:/ )
+ opts[:title]
+ else
+ opts.delete(:align)
+ opts[:alt] = opts[:title]
+ img = "<img src=\"#{escape_attribute opts[:src]}\"#{pba(opts)} alt=\"#{escape_attribute opts[:alt].to_s}\" />"
+ img = "<a href=\"#{escape_attribute opts[:href]}\">#{img}</a>" if opts[:href]
+ img
+ end
end
def footno(opts)
opts[:id] ||= opts[:text]
%Q{<sup class="footnote" id=\"fnr#{opts[:id]}\"><a href=\"#fn#{opts[:id]}\">#{opts[:text]}</a></sup>}
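Review bot: The new guard in `image` matches only the lowercase literal `javascript:`, so a mixed-case spelling of the scheme, or any other script-capable scheme, in `opts[:src]` or `opts[:href]` still reaches the `<img>`/`<a>` branch; browsers compare URL schemes case-insensitively. At minimum the pattern should be `/\A\s*javascript:/i` (`\A` because `^` anchors at every line in Ruby), and an allow-list of accepted schemes would be sturdier than a single-scheme denylist. The blocked branch also returns `opts[:title]` as-is: it can be `nil`, and unless the title is escaped before it reaches this method (not visible here) it is emitted without the escaping that `alt` gets in the else branch, so something like `opts[:title].to_s` passed through the formatter's text escaping would be safer. The `link` method whose tail appears above the hunk interpolates `opts[:href]` in the same way; whether it carries an equivalent check cannot be seen from these lines.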