From 17dcde1f6169a693a6f11003200cf4b9ea522b62 Mon Sep 17 00:00:00 2001
From: rick
Date: Mon, 11 Apr 2011 23:29:06 -0400
Subject: [PATCH] fix xss vulnerability in mathjax parsing

---
 lib/gollum/markup.rb | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/gollum/markup.rb b/lib/gollum/markup.rb
index e264f490..839db7ef 100644
--- a/lib/gollum/markup.rb
+++ b/lib/gollum/markup.rb
@@ -74,12 +74,14 @@ module Gollum
     # Returns the placeholder'd String data.
     def extract_tex(data)
       data.gsub(/\\\[\s*(.*?)\s*\\\]/m) do
-        id = Digest::SHA1.hexdigest($1)
-        @texmap[id] = [:block, $1]
+        tag = CGI.escapeHTML($1)
+        id = Digest::SHA1.hexdigest(tag)
+        @texmap[id] = [:block, tag]
         id
       end.gsub(/\\\(\s*(.*?)\s*\\\)/m) do
-        id = Digest::SHA1.hexdigest($1)
-        @texmap[id] = [:inline, $1]
+        tag = CGI.escapeHTML($1)
+        id = Digest::SHA1.hexdigest(tag)
+        @texmap[id] = [:inline, tag]
         id
       end
     end
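Review bot: The new `CGI.escapeHTML($1)` calls in both gsub blocks reference the `CGI` constant, but the patch adds no `require 'cgi'`; unless the file or something it loads already requires it (not visible in this hunk), `extract_tex` will raise NameError on the first TeX block it meets, so the top of the file should gain `require 'cgi'`. Whether `escapeHTML` is the right primitive also depends on where `process_tex` (outside this hunk) re-inserts the stored value: it is correct for element text content, which is what MathJax reads back from the DOM, but not for an attribute or script context, and the stored value is now pre-escaped, so the re-insertion side must not escape it a second time or the TeX will render as `&amp;lt;` literals — worth a comment on the `@texmap[id] = ...` lines, e.g. `# stored HTML-escaped; process_tex must insert it as text without re-escaping`. As a point of style, the two blocks are identical apart from the `:block`/`:inline` symbol, so a small private helper taking the kind symbol and the capture would remove the duplicated escape/hash/store sequence and keep the two paths from drifting. The enclosing class and module start and end outside this hunk.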