From 4e65385fdef5390d2f79278594cc486c418a2641 Mon Sep 17 00:00:00 2001
From: Michael Rooney
Date: Sat, 11 Jun 2011 00:07:59 -0400
Subject: [PATCH] encodeURI the href to prevent XSS attacks via ending the quote and adding arbitrary scripts in onmouseover/onclick
---
 ba-linkify.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ba-linkify.js b/ba-linkify.js
index 81dae5f..4bf27ef 100644
--- a/ba-linkify.js
+++ b/ba-linkify.js
@@ -98,7 +98,7 @@ window.linkify = (function(){
 default_options = {
 callback: function( text, href ) {
- return href ? '' + text + '' : text;
+ return href ? '' + text + '' : text;
 },
 punct_regexp: /(?:[!?.,:;'"]|(?:&|&)(?:lt|gt|quot|apos|raquo|laquo|rsaquo|lsaquo);)$/
 };
@@ -211,4 +211,4 @@ window.linkify = (function(){
 return html || txt;
 };
-})();
\ No newline at end of file
+})();
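Review bot: `encodeURI`, which the subject line says is now applied to the href in the `callback` hunk at line 98, is a URL encoder and not an HTML-attribute escaper. The anchor markup on the changed `return` line is not visible on this page, so this is hedged. It percent-encodes `"`, `<` and `>` but leaves `'` alone and rewrites an existing `%` as `%25`, so a single-quoted attribute would still be open to break-out and links that are already percent-encoded (for example ones containing `%20`) would be double-encoded. Escaping for the attribute context, e.g. `href.replace(/"/g, '&quot;').replace(/'/g, '&#39;')`, avoids both. A comment on `callback` should also state whether `text` must arrive HTML-escaped, since it is concatenated into the returned markup unchanged; `default_options` continues outside the hunk.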