Merge pull request #93 from rnhmjoj/pr

escape html before parsing commonmark
author: Joseph Donofry <joedonofry@gmail.com> 2019-10-07 00:09:45 -0400
committer: GitHub <noreply@github.com> 2019-10-07 00:09:45 -0400
commit: e34622d5ffa87809c39922e426b965f8a1a85b6c (patch)
tree: 718835b1f6eaab1acaee2a056d953b5d78277e45 /src/Utils.cpp
parent: Try to use an older linuxdeployqt appimage (diff)
parent: escape html before parsing commonmark (diff)
download: nheko-e34622d5ffa87809c39922e426b965f8a1a85b6c.tar.xz
1 files changed, 16 insertions, 1 deletions
diff --git a/src/Utils.cpp b/src/Utils.cpp
index 5c664b7c..8c02b1c2 100644
--- a/src/Utils.cpp
+++ b/src/Utils.cpp
@@ -324,10 +324,25 @@ utils::linkifyMessage(const QString &body)
         return doc;
 }
 
+QByteArray escapeRawHtml(const QByteArray &data) {
+      QByteArray buffer;
+      const size_t length = data.size();
+      buffer.reserve(length);
+      for(size_t pos = 0; pos != length; ++pos) {
+            switch(data.at(pos)) {
+                  case '&':  buffer.append("&amp;");      break;
+                  case '<':  buffer.append("&lt;");       break;
+                  case '>':  buffer.append("&gt;");       break;
+                  default:   buffer.append(data.at(pos)); break;
+            }
+      }
+     return buffer;
+}
+
 QString
 utils::markdownToHtml(const QString &text)
 {
-        const auto str = text.toUtf8();
+        const auto str = escapeRawHtml(text.toUtf8());
         const char *tmp_buf =
           cmark_markdown_to_html(str.constData(), str.size(), CMARK_OPT_DEFAULT);
author	Joseph Donofry <joedonofry@gmail.com>	2019-10-07 00:09:45 -0400
committer	GitHub <noreply@github.com>	2019-10-07 00:09:45 -0400
commit	e34622d5ffa87809c39922e426b965f8a1a85b6c (patch)
tree	718835b1f6eaab1acaee2a056d953b5d78277e45 /src/Utils.cpp
parent	Try to use an older linuxdeployqt appimage (diff)
parent	escape html before parsing commonmark (diff)
download	nheko-e34622d5ffa87809c39922e426b965f8a1a85b6c.tar.xz