escape html before parsing commonmark

author: rnhmjoj <rnhmjoj@inventati.org> 2019-09-21 01:38:17 +0200
committer: rnhmjoj <rnhmjoj@inventati.org> 2019-09-25 01:18:01 +0200
commit: 1659176c0d49c51cb2e20e2a4c1e823ffb2c6446 (patch)
tree: 9e44dc112d5dc3af965aae4adc67e48036ce43ed /src
parent: Merge pull request #92 from pupper68k/0.7.0-dev-bugfix-71 (diff)
download: nheko-1659176c0d49c51cb2e20e2a4c1e823ffb2c6446.tar.xz
1 files changed, 16 insertions, 1 deletions
diff --git a/src/Utils.cpp b/src/Utils.cpp
index 5c664b7c..8c02b1c2 100644
--- a/src/Utils.cpp
+++ b/src/Utils.cpp
@@ -324,10 +324,25 @@ utils::linkifyMessage(const QString &body)
         return doc;
 }
 
+QByteArray escapeRawHtml(const QByteArray &data) {
+      QByteArray buffer;
+      const size_t length = data.size();
+      buffer.reserve(length);
+      for(size_t pos = 0; pos != length; ++pos) {
+            switch(data.at(pos)) {
+                  case '&':  buffer.append("&amp;");      break;
+                  case '<':  buffer.append("&lt;");       break;
+                  case '>':  buffer.append("&gt;");       break;
+                  default:   buffer.append(data.at(pos)); break;
+            }
+      }
+     return buffer;
+}
+
 QString
 utils::markdownToHtml(const QString &text)
 {
-        const auto str = text.toUtf8();
+        const auto str = escapeRawHtml(text.toUtf8());
         const char *tmp_buf =
           cmark_markdown_to_html(str.constData(), str.size(), CMARK_OPT_DEFAULT);
author	rnhmjoj <rnhmjoj@inventati.org>	2019-09-21 01:38:17 +0200
committer	rnhmjoj <rnhmjoj@inventati.org>	2019-09-25 01:18:01 +0200
commit	1659176c0d49c51cb2e20e2a4c1e823ffb2c6446 (patch)
tree	9e44dc112d5dc3af965aae4adc67e48036ce43ed /src
parent	Merge pull request #92 from pupper68k/0.7.0-dev-bugfix-71 (diff)
download	nheko-1659176c0d49c51cb2e20e2a4c1e823ffb2c6446.tar.xz