lib/trac-wiki/parser.rb in trac-wiki-0.1.1 vs lib/trac-wiki/parser.rb in trac-wiki-0.1.2

@@ -207,32 +207,32 @@
     # Create image markup. This
     # method can be overridden to generate custom
     # markup, for example to add html additional attributes or
     # to put divs around the imgs.
     def make_image(uri, attrs='')
-      "<img src=\"#{escape_html(uri)}\"#{make_image_attrs(attrs)}/>"
+      "<img src=\"#{make_explicit_link(uri)}\"#{make_image_attrs(attrs)}/>"
     end
 
     def make_image_attrs(attrs)
        return '' if ! attrs
        a = {}
        style = []
        attrs.strip.split(/\s*,\s*/).each do |opt|
          case opt
            when /^\d+[^\d]*$/
-             a['width'] = opt
+             a['width'] = escape_url(opt)
            when /^(right|left|center)/i
-             a['align'] = opt
+             a['align'] = escape_url(opt)
            when  /^(top|bottom|middle)$/i
-             a['valign'] = opt
+             a['valign'] = escape_url(opt)
            when  /^link=(.*)$/i
              # pass
            when  /^nolink$/i
              # pass
            when /^(align|valign|border|width|height|alt|title|longdesc|class|id|usemap)=(.*)$/i
-            a[$1]= escape_html($2)
+            a[$1]= escape_url($2)
            when /^(margin|margin-(left|right|top|bottom))=(\d+)$/
-            style.push($1 + ":" + escape_html($3))
+            style.push($1 + ':' + escape_url($3))
          end
        end
        a['style'] = style.join(';') if ! style.empty?
        return '' if a.empty?
        return ' ' + a.map{|k,v| "#{k}=\"#{v}\"" }.sort.join(' ')