From 7d78c640fd06fb64fa3480e4d621188fc38c0c52 Mon Sep 17 00:00:00 2001
From: Holger Just <holger@plan.io>
Date: Mon, 14 Aug 2017 15:21:33 +0200
Subject: [PATCH] URL-escape additional characters with special meaning in the
 generated markup for dropped uploads

---
 public/javascripts/attachments.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/public/javascripts/attachments.js b/public/javascripts/attachments.js
index 21ca97801..1baafc0bd 100644
--- a/public/javascripts/attachments.js
+++ b/public/javascripts/attachments.js
@@ -214,7 +214,8 @@ function addInlineAttachmentMarkup(file) {
     var cursorPosition = $textarea.prop('selectionStart');
     var description = $textarea.val();
     var sanitizedFilename = file.name.replace(/[\/\?\%\*\:\|\"\'<>\n\r]+/, '_');
-    var inlineFilename = encodeURIComponent(sanitizedFilename);
+    var inlineFilename = encodeURIComponent(sanitizedFilename)
+      .replace(/[!()]/g, function(match) { return "%" + match.charCodeAt(0).toString(16) });
     var newLineBefore = true;
     var newLineAfter = true;
     if(cursorPosition === 0 || description.substr(cursorPosition-1,1).match(/\r|\n/)) {
-- 
2.13.0