From 543bc535987bd9e0ad1487da8d47e7285a8d3022 Mon Sep 17 00:00:00 2001
From: Jens Maier
Date: Thu, 18 Sep 2014 22:00:34 +0200
Subject: [PATCH] FIX: double-escaped single quotes in URLs

---
 app/assets/javascripts/discourse/lib/markdown.js | 2 +-
 test/javascripts/lib/markdown-test.js.es6 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/assets/javascripts/discourse/lib/markdown.js b/app/assets/javascripts/discourse/lib/markdown.js
index 6d5e2baac1..617192bb4c 100644
--- a/app/assets/javascripts/discourse/lib/markdown.js
+++ b/app/assets/javascripts/discourse/lib/markdown.js
@@ -166,7 +166,7 @@ Discourse.Markdown = {
     var url = typeof(uri) === "string" ? uri : uri.toString();
 
     // escape single quotes
-    url = url.replace(/'/g, "'");
+    url = url.replace(/'/g, "%27");
 
     // whitelist some iframe only
     if (hints && hints.XML_TAG === "iframe" && hints.XML_ATTR === "src") {
diff --git a/test/javascripts/lib/markdown-test.js.es6 b/test/javascripts/lib/markdown-test.js.es6
index 868300c71e..32991d40b1 100644
--- a/test/javascripts/lib/markdown-test.js.es6
+++ b/test/javascripts/lib/markdown-test.js.es6
@@ -458,7 +458,7 @@ test("urlAllowed", function() {
   allowed("//eviltrout.com/evil/trout", "allows protocol relative urls");
 
   equal(urlAllowed("http://google.com/test'onmouseover=alert('XSS!');//.swf"),
-        "http://google.com/test'onmouseover=alert('XSS!');//.swf",
+        "http://google.com/test%27onmouseover=alert(%27XSS!%27);//.swf",
         "escape single quotes");
 });
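Review bot: The new line `url = url.replace(/'/g, "%27");` percent-encodes only the apostrophe, so double quotes, `<`, `>` and whitespace still pass through and the hook is relying on the sanitizer's own attribute escaping for them; that downstream escaping is presumably what turned the former entity into the "double-escaped" output the subject line describes. The removed line reads as `"'"` here, which looks like the extraction decoded the old HTML entity rather than the code literally replacing a quote with itself. A why-comment would stop the next reader from reverting to an entity: `// percent-encode instead of HTML-escaping: the attribute value is entity-escaped again by the sanitizer, so an &#x27; here comes out double-escaped`. The enclosing url hook in Discourse.Markdown starts before the hunk and continues after it.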
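Review bot: The updated expectation on the `+` line only shows literal apostrophes turning into `%27`; nothing asserts that an input already containing `%27` is returned untouched, so a later switch to a broader encoder that also rewrites `%` would double-encode and still pass. Assuming urlAllowed otherwise returns its input unchanged, as the surrounding `allowed(...)` cases imply, one more case pins that: `allowed("http://google.com/test%27", "does not double-encode an escaped quote");`. The test function begins before the hunk.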