From fd5097af3d6f7b91c23a3f145704332afe7e5954 Mon Sep 17 00:00:00 2001
From: ccd0 <admin@containerchan.org>
Date: Mon, 13 Oct 2014 00:20:59 -0700
Subject: [PATCH] Escape parameters in javascript: sauce links.

---
 src/Images/Sauce.coffee | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/Images/Sauce.coffee b/src/Images/Sauce.coffee
index 6250d8fb1..856ca9224 100755
--- a/src/Images/Sauce.coffee
+++ b/src/Images/Sauce.coffee
@@ -29,21 +29,22 @@ Sauce =
           '%TURL':  post.file.thumbURL
           '%URL':   post.file.URL
           '%MD5':   post.file.MD5
-          '%board': post.board
+          '%board': post.board.ID
           '%name':  post.file.name
           '%%':     '%'
           '%semi':  ';'
         }[parameter]
         if key is 'url' and parameter isnt '%%' and parameter isnt '%semi'
-          encodeURIComponent type
-        else
-          type
+          type = JSON.stringify type if /^javascript:/i.test parts['url']
+          type = encodeURIComponent type
+        type
     ext = post.file.URL.match(/\.([^\.]*)$/)?[1] or ''
     return null unless !parts['boards'] or post.board.ID in parts['boards'].split ','
     return null unless !parts['types']  or ext           in parts['types'].split ','
     a = Sauce.link.cloneNode true
     a.href = parts['url']
     a.textContent = parts['text']
+    a.removeAttribute 'target' if /^javascript:/i.test parts['url']
     a
   node: ->
     return if @isClone or !@file