trac-wiki 0.1.1 → 0.1.2

data/lib/trac-wiki/parser.rb

@@ -209,7 +209,7 @@ module TracWiki
     # markup, for example to add html additional attributes or
     # to put divs around the imgs.
     def make_image(uri, attrs='')
-      "<img src=\"#{escape_html(uri)}\"#{make_image_attrs(attrs)}/>"
+      "<img src=\"#{make_explicit_link(uri)}\"#{make_image_attrs(attrs)}/>"
     end
 
     def make_image_attrs(attrs)
@@ -219,19 +219,19 @@ module TracWiki
        attrs.strip.split(/\s*,\s*/).each do |opt|
          case opt
            when /^\d+[^\d]*$/
-             a['width'] = opt
+             a['width'] = escape_url(opt)
            when /^(right|left|center)/i
-             a['align'] = opt
+             a['align'] = escape_url(opt)
            when  /^(top|bottom|middle)$/i
-             a['valign'] = opt
+             a['valign'] = escape_url(opt)
            when  /^link=(.*)$/i
              # pass
            when  /^nolink$/i
              # pass
            when /^(align|valign|border|width|height|alt|title|longdesc|class|id|usemap)=(.*)$/i
-            a[$1]= escape_html($2)
+            a[$1]= escape_url($2)
            when /^(margin|margin-(left|right|top|bottom))=(\d+)$/
-            style.push($1 + ":" + escape_html($3))
+            style.push($1 + ':' + escape_url($3))
          end
        end
        a['style'] = style.join(';') if ! style.empty?

data/lib/trac-wiki/version.rb

@@ -1,3 +1,3 @@
 module TracWiki
-  VERSION = '0.1.1'
+  VERSION = '0.1.2'
 end

data/test/parser_test.rb

@@ -449,8 +449,8 @@ describe TracWiki::Parser do
     # Image tags should be escape
     tc("<p><img src=\"image.jpg\"/></p>\n", "[[Image(image.jpg)]]")
     tc("<p><img src=\"image.jpg\"/></p>\n", "[[Image(image.jpg)]]", :no_link=>true)
-    tc("<p><img src=\"image.jpg\" alt=\"a&quot;tag&quot;\"/></p>\n", "[[Image(image.jpg,alt=a\"tag\")]]")
-    tc("<p><img src=\"image.jpg\" alt=\"a&quot;tag&quot;\"/></p>\n", "[[Image(image.jpg,alt=a\"tag\")]]", :no_link=>true)
+    tc("<p><img src=\"image.jpg\" alt=\"a%22tag%22\"/></p>\n", "[[Image(image.jpg,alt=a\"tag\")]]")
+    tc("<p><img src=\"image.jpg\" alt=\"a%22tag%22\"/></p>\n", "[[Image(image.jpg,alt=a\"tag\")]]", :no_link=>true)
 
     # Malicious links should not be converted.
     tc("<p><a href=\"javascript%3Aalert%28%22Boo%21%22%29\">Click</a></p>\n", "[[javascript:alert(\"Boo!\")|Click]]")
@@ -708,6 +708,7 @@ describe TracWiki::Parser do
 
   it 'should parse image' do
     tc("<p><img src=\"image.jpg\"/></p>\n", "[[Image(image.jpg)]]")
+    tc("<p><img src=\"javascript%3Aimage.jpg\" alt=\"tag\"/></p>\n", "[[Image(javascript:image.jpg,alt=tag)]]")
     tc("<p><img src=\"image.jpg\" alt=\"tag\"/></p>\n", "[[Image(image.jpg,alt=tag)]]")
     tc("<p><img src=\"image.jpg\" width=\"120px\"/></p>\n", "[[Image(image.jpg, 120px )]]")
     tc("<p><img src=\"image.jpg\" width=\"120px\"/></p>\n", "[[Image(image.jpg, \t120px   )]]")
@@ -720,7 +721,7 @@ describe TracWiki::Parser do
     tc("<p><img src=\"image.jpg\" valign=\"middle\"/></p>\n", "[[Image(image.jpg, middle)]]")
     tc("<p><img src=\"image.jpg\" title=\"houhouhou\"/></p>\n", "[[Image(image.jpg, title=houhouhou)]]")
     tc("<p><img src=\"image.jpg\" width=\"120px\"/></p>\n", "[[Image(image.jpg,width=120px)]]")
-    tc("<p><img src=\"image.jpg\" width=\"120%\"/></p>\n", "[[Image(image.jpg, width=120%)]]")
+    tc("<p><img src=\"image.jpg\" width=\"120%25\"/></p>\n", "[[Image(image.jpg, width=120%)]]")
     tc("<p><img src=\"image.jpg\" style=\"margin:5\"/></p>\n", "[[Image(image.jpg,margin=5)]]")
     tc("<p><img src=\"http://example.org/image.jpg\"/></p>\n", "[[Image(http://example.org/image.jpg)]]")
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: trac-wiki
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
   prerelease: 
 platform: ruby
 authors: