summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
authorDeepBlueV7.X <nicolas.werner@hotmail.de>2021-09-11 22:19:44 +0000
committerGitHub <noreply@github.com>2021-09-11 22:19:44 +0000
commite88ab89c18db00b11d242352878fbd79dd6a5d15 (patch)
tree44845cb4a5ca99c2d2e48d4c624133515f7accea /src
parentTranslated using Weblate (Malayalam) (diff)
parentFix a few more HTML injections (diff)
downloadnheko-e88ab89c18db00b11d242352878fbd79dd6a5d15.tar.xz
Merge pull request #722 from Thulinma/noHtmlFixes
Fix two more HTML injection attacks.
Diffstat (limited to 'src')
-rw-r--r--src/RoomsModel.cpp2
-rw-r--r--src/timeline/Reaction.h4
2 files changed, 3 insertions, 3 deletions
diff --git a/src/RoomsModel.cpp b/src/RoomsModel.cpp

index 80f13756..656a0deb 100644
--- a/src/RoomsModel.cpp
+++ b/src/RoomsModel.cpp
@@ -77,7 +77,7 @@ RoomsModel::data(const QModelIndex &index, int role) const
                         return QString::fromStdString(
                           roomInfos.at(roomids[index.row()]).avatar_url);
                 case Roles::RoomID:
-                        return roomids[index.row()];
+                        return roomids[index.row()].toHtmlEscaped();
                 }
         }
         return {};
diff --git a/src/timeline/Reaction.h b/src/timeline/Reaction.h

index 47dac617..788e9ced 100644
--- a/src/timeline/Reaction.h
+++ b/src/timeline/Reaction.h
@@ -16,8 +16,8 @@ struct Reaction
         Q_PROPERTY(int count READ count)
 
 public:
-        QString key() const { return key_; }
-        QString users() const { return users_; }
+        QString key() const { return key_.toHtmlEscaped(); }
+        QString users() const { return users_.toHtmlEscaped(); }
         QString selfReactedEvent() const { return selfReactedEvent_; }
         int count() const { return count_; }
generated by cgit-magenta 1.5.1 (git 2.53.0) at 2026-06-07 12:05:44 +0000