diff options
| -rw-r--r-- | includes/common.inc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/includes/common.inc b/includes/common.inc index ebbadc125..bb0e8ffe2 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -2736,6 +2736,8 @@ function l($text, $path, array $options = array()) { if ($use_theme) { return theme('link', array('text' => $text, 'path' => $path, 'options' => $options)); } + // The result of url() is a plain-text URL. Because we are using it here + // in an HTML argument context, we need to encode it properly. return '<a href="' . check_plain(url($path, $options)) . '"' . drupal_attributes($options['attributes']) . '>' . ($options['html'] ? $text : check_plain($text)) . '</a>'; } |