From 6c56e7ca7aeaf095b4ec153b00868b465f439f21 Mon Sep 17 00:00:00 2001
From: muxator <a.mux@inwind.it>
Date: Sun, 26 Aug 2018 02:40:36 +0200
Subject: [PATCH] ace.js: use URL encoding when building an URL via string
 concatenation

Not performing encoding/decoding when traversing logical domains is a security
risk.
String concatenation is not great, too, but this change is just focused on
allowing the implementation of skin support.
---
 src/static/js/ace.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/static/js/ace.js b/src/static/js/ace.js
index 9f219e6c2..3b8679b45 100644
--- a/src/static/js/ace.js
+++ b/src/static/js/ace.js
@@ -186,7 +186,7 @@ function Ace2Editor()
     }
     for (var i = 0, ii = remoteFiles.length; i < ii; i++) {
       var file = remoteFiles[i];
-      buffer.push('<link rel="stylesheet" type="text/css" href="' + file + '"\/>');
+      buffer.push('<link rel="stylesheet" type="text/css" href="' + encodeURI(file) + '"\/>');
     }
   }