Comparing changes

base repository: dart-lang/markdown
base: d735b0b
head repository: dart-lang/markdown
compare: 62e3349
Showing with 8 additions and 1 deletion.
  1. +3 −1 lib/src/inline_syntaxes/image_syntax.dart
  2. +5 −0 test/original/inline_images.unit
4 changes: 3 additions & 1 deletion lib/src/inline_syntaxes/image_syntax.dart
@@ -24,7 +24,9 @@ class ImageSyntax extends LinkSyntax {
}) {
final element = Element.empty('img');
final children = getChildren();
element.attributes['src'] = destination;
element.attributes['src'] = normalizeLinkDestination(
escapePunctuation(destination),
);
element.attributes['alt'] = children.map((node) {
// See https://spec.commonmark.org/0.30/#image-description.
// An image description may contain links. Fetch text from the alt
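Review bot: the `src` assignment now goes through `normalizeLinkDestination(escapePunctuation(destination))` but has no comment saying that this is what stops a `"` in the destination from closing the attribute value. Add a one-line comment above `element.attributes['src'] = ...` stating that, so a later cleanup does not revert to the raw `destination`. Since `ImageSyntax extends LinkSyntax`, it is also worth confirming that the link path applies the same two calls to its destination, and moving them into one shared helper if it does, so image and link handling cannot drift apart.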
5 changes: 5 additions & 0 deletions test/original/inline_images.unit
@@ -18,3 +18,8 @@

<<<
<p><img src="http://foo.com/foo.png" alt="alt" /></p>
>>> XSS
![Uh oh...]("onerror="alert('XSS'))

<<<
<p><img src="%22onerror=%22alert('XSS')" alt="Uh oh..." /></p>
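Review bot: the new `>>> XSS` case covers only a destination that starts with a double quote, so the regression suite would still pass if the escaping were later narrowed to that position. Add a case with the quote in the middle of an otherwise ordinary URL and one where the destination already contains `%22`, to pin down that existing percent-encoding is not encoded a second time. A more descriptive case name than `XSS`, for example one that mentions the quoted destination, would also make a future failure easier to read.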