From 33489ab616bc2282d29287c1eb55f16948197f48 Mon Sep 17 00:00:00 2001
From: Zignature <siegert.naber@gmail.com>
Date: Sat, 15 Jan 2022 23:26:10 +0100
Subject: [PATCH] URL encoding and escaping for JS prompt URLs

- URL encoding and escaping added for JS prompt entered URLs
- added option escapeURLs (boolean)
---
 src/js/easymde.js  | 18 ++++++++++--------
 types/easymde.d.ts |  1 +
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/js/easymde.js b/src/js/easymde.js
index 72f7254..b419d5d 100644
--- a/src/js/easymde.js
+++ b/src/js/easymde.js
@@ -849,7 +849,10 @@ function drawLink(editor) {
             return false;
         }
 
-        if (/[()<>]/.test(url)) url = escapeUrl(url);
+        if (options.escapeURLs) {
+            url = encodeURI(url);
+            if (/[()]/.test(url)) url = escapeURI(url);
+        }
     }
     _replaceSelection(cm, stat.link, options.insertTexts.link, url);
 }
@@ -868,7 +871,10 @@ function drawImage(editor) {
             return false;
         }
 
-        if (/[()<>]/.test(url)) url = escapeUrl(url);
+        if (options.escapeURLs) {
+            url = encodeURI(url);
+            if (/[()]/.test(url)) url = escapeURI(url);
+        }
     }
     _replaceSelection(cm, stat.image, options.insertTexts.image, url);
 }
@@ -877,12 +883,8 @@ function drawImage(editor) {
  * Escape URLs to prevent breaking up rendered Markdown links
  * @param url {string} The url of the link or image
  */
-function escapeUrl(url) {
-
-    url = url.replace(/\(/g,'\\(')
-             .replace(/\)/g,'\\)')
-             .replace(/</g,'\\<')
-             .replace(/>/g,'\\>');
+function escapeURI(url) {
+    url = url.replace(/\(/g,'\\(').replace(/\)/g,'\\)');
 
     return url;
 }
diff --git a/types/easymde.d.ts b/types/easymde.d.ts
index 2aa161b..b082324 100644
--- a/types/easymde.d.ts
+++ b/types/easymde.d.ts
@@ -197,6 +197,7 @@ declare namespace EasyMDE {
         previewImagesInEditor?: boolean;
         previewRender?: (markdownPlaintext: string, previewElement: HTMLElement) => string;
         promptURLs?: boolean;
+        escapeURLs?: boolean;
         renderingConfig?: RenderingOptions;
         shortcuts?: Shortcuts;
         showIcons?: ReadonlyArray<ToolbarButton>;