From 4447439079a88835d69524ab36ba88ecda384142 Mon Sep 17 00:00:00 2001
From: jordan
Date: Sun, 8 May 2011 14:02:03 +0000
Subject: [PATCH] Resolves OSQA-674, be sure that we remove all anchors that trigger JavaScript code.
git-svn-id: http://svn.osqa.net/svnroot/osqa/trunk@1030 0cfe37f9-358a-4d5e-be75-b63607b5c754
---
 forum/skins/default/media/js/wmd/showdown.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/forum/skins/default/media/js/wmd/showdown.js b/forum/skins/default/media/js/wmd/showdown.js
index d223f45..b890fa8 100644
--- a/forum/skins/default/media/js/wmd/showdown.js
+++ b/forum/skins/default/media/js/wmd/showdown.js
@@ -498,6 +498,11 @@ var _DoAnchors = function(text) {
 */
 text = text.replace(/(\[([^\[\]]+)\])()()()()()/g, writeAnchorTag);
+ // Prevent executing JavaScript from the Anchor href.
+ text = text.replace(/(([^<]+)<\/a>)/g, function() {
+ return arguments[3];
+ });
+
 return text;
 }
-- 
2.39.5
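Review bot: The added replace in `_DoAnchors` strips anchors by pattern-matching the HTML after `writeAnchorTag` has already emitted it, which is a deny-list that stays correct only while every script-bearing href happens to match the pattern; the more robust place for the check is where the URL is still a separate value, accepting only an allow-list of schemes (for example `http`, `https`, `mailto`) and emitting the plain link text otherwise. As the pattern is displayed here it has two capture groups, so `arguments[3]` would be the match offset rather than the link text; the markup part of the regex looks lost in extraction, so this needs confirming against the file, and named parameters such as `function(match, anchor, label) { return label; }` would make the intent checkable. Since this file is served from `media/js`, it presumably only governs browser-side rendering, so stored posts still need the same rule enforced by the server-side sanitizer; a comment like `// Display-side filter only; the server must reject non-allow-listed href schemes too.` would record that. The body of `_DoAnchors` starts outside the hunk.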