From 9cc4fac7faa58ce8b9927db1fbc12b97730a0831 Mon Sep 17 00:00:00 2001
From: Andrew Ozz <azaozz@git.wordpress.org>
Date: Mon, 14 Nov 2011 19:35:32 +0000
Subject: [PATCH] Filter the link href when inserting external image in the
 editor, props DrewAPicture, fixes #18445

git-svn-id: https://develop.svn.wordpress.org/trunk@19275 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/includes/media.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index fdf91f28be..7c7adb19ff 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -1497,8 +1497,10 @@ var addExtImage = {
 
 		html = '<img alt="'+alt+'" src="'+f.src.value+'"'+title+cls+' width="'+t.width+'" height="'+t.height+'" />';
 
-		if ( f.url.value )
-			html = '<a href="'+f.url.value+'">'+html+'</a>';
+		if ( f.url.value ) {
+			url = f.url.value.replace(/'/g, '&#039;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+			html = '<a href="'+url+'">'+html+'</a>';
+		}
 
 		if ( caption )
 			html = '[caption id="" align="'+t.align+'" width="'+t.width+'" caption="'+caption+'"]'+html+'[/caption]';