authorNicolas Werner <nicolas.werner@hotmail.de>2022-09-04 18:14:14 +0200
committerNicolas Werner <nicolas.werner@hotmail.de>2022-09-04 18:14:14 +0200
commitc6bf1e6508f54cf07d9696d57412ba626f754089 (patch)
treeb06b5bac8253e1ce0cb1f78fba708ec44dc8eba6 /src
parentImplement space stickers & emoji (diff)
Attribute values can contain slashes
Diffstat (limited to 'src')
-rw-r--r--src/Utils.cpp25
1 files changed, 16 insertions, 9 deletions
diff --git a/src/Utils.cpp b/src/Utils.cpp
index bae1d8a5..0e193c43 100644
--- a/src/Utils.cpp
+++ b/src/Utils.cpp
@@ -431,9 +431,10 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
       "tbody",      "/tbody",      "tr",      "/tr",     "th",    "/th",    "td",     "/td",
       "caption",    "/caption",    "pre",     "/pre",    "span",  "/span",  "img",    "/img",
       "details",    "/details",    "summary", "/summary"};
-    constexpr static const std::array tagNameEnds  = {' ', '>'};
-    constexpr static const std::array attrNameEnds = {' ', '>', '=', '\t', '\r', '\n', '/', '\f'};
-    constexpr static const std::array spaceChars   = {' ', '\t', '\r', '\n', '\f'};
+    constexpr static const std::array tagNameEnds   = {' ', '>'};
+    constexpr static const std::array attrNameEnds  = {' ', '>', '=', '\t', '\r', '\n', '/', '\f'};
+    constexpr static const std::array attrValueEnds = {' ', '\t', '\r', '\n', '\f', '>'};
+    constexpr static const std::array spaceChars    = {' ', '\t', '\r', '\n', '\f'};
 
     QByteArray data = rawStr.toUtf8();
     QByteArray buffer;
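Review bot: `attrValueEnds` has no comment saying why it differs from `attrNameEnds`, and that difference is the whole point of the change: an unquoted value ends only at whitespace or `>`, so `/` and `=` stay part of the value. I would add above it `// terminators of an unquoted attribute value; '/' and '=' are deliberately absent so URLs and paths are kept whole`. Without that, the set reads like an incomplete copy of `attrNameEnds` and invites a later edit that puts the slash back. The enclosing function starts and ends outside the hunk.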
@@ -535,16 +536,22 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
                                         continue;
                                     }
                                 } else {
-                                    attrStart += 1;
                                     auto valueEnd = std::find_first_of(attrStart,
                                                                        attrsEnd,
-                                                                       attrNameEnds.begin(),
-                                                                       attrNameEnds.end());
+                                                                       attrValueEnds.begin(),
+                                                                       attrValueEnds.end());
+                                    auto val =
+                                      sanitizeValue(QByteArray(attrStart, valueEnd - attrStart));
+                                    attrStart = consumeSpaces(valueEnd);
+
+                                    if (val.contains('"'))
+                                        continue;
+
                                     buffer.append(' ');
                                     buffer.append(attrName);
-                                    buffer.append("=");
-                                    buffer.append(attrStart, valueEnd - attrStart);
-                                    attrStart = valueEnd;
+                                    buffer.append("=\"");
+                                    buffer.append(val);
+                                    buffer.append('"');
                                     continue;
                                 }
                             }
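Review bot: The `if (val.contains('"')) continue;` guard carries the safety of this branch but is not explained: the value is now written back inside double quotes, so a `"` left in `val` would close the attribute early and the rest would be read as further attributes. I would add `// re-emitted in double quotes below: drop the attribute if a '"' survives sanitizeValue()` above it, and keep the check after the `sanitizeValue` call so it sees the final bytes. `sanitizeValue` and any per-attribute checks (for example on URL-carrying attributes) are outside this hunk, so what the value has been through by this point cannot be confirmed from here. Since values containing slashes now pass through intact, it is worth confirming that those checks run on this unquoted path as well as on the quoted one. The enclosing loop and function start and end outside the hunk.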