Escape HYPERLINKs

nobu · nobu · commit ac35485be625 · 2022-10-07T11:45:27.000+09:00
diff --git a/lib/rdoc/markup/to_html.rb b/lib/rdoc/markup/to_html.rb
@@ -123,7 +123,7 @@ def handle_regexp_HARD_BREAK target
   #   Reference to a local file relative to the output directory.
 
   def handle_regexp_HYPERLINK(target)
-    url = target.text
+    url = CGI.escapeHTML(target.text)
 
     gen_url url, url
   end
diff --git a/test/rdoc/test_rdoc_markup_to_html.rb b/test/rdoc/test_rdoc_markup_to_html.rb
@@ -836,6 +836,11 @@ def test_handle_regexp_HYPERLINK_irc
     assert_equal '<a href="irc://irc.freenode.net/#ruby-lang">irc.freenode.net/#ruby-lang</a>', link
   end
 
+  def test_handle_regexp_HYPERLINK_escape
+    code = 'irc://irc.freenode.net/"><script>alert(`irc`)</script><a"'
+    assert_escaped '<script>', code
+  end
+
   def test_list_verbatim_2
     str = "* one\n    verb1\n    verb2\n* two\n"
 
