We use cookies to ensure you get the best experience on our website
Home Verkennen Help
Registreren Inloggen
0ct0pu5
/
ladybird
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Bladeren bron

LibWebView: Escape HTML within attribute values in the Inspector HTML

If an attribute value contains HTML, let's make sure we render it as
text, instead of injecting HTML in the middle of an Inspector field.
Timothy Flynn 1 jaar geleden
bovenliggende
fd558a012b
commit
338f0382d3
1 gewijzigde bestanden met toevoegingen van 1 en 1 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 1 1
      Userland/Libraries/LibWebView/InspectorClient.cpp

+ 1 - 1
Userland/Libraries/LibWebView/InspectorClient.cpp
Bestand weergeven 

@@ -542,7 +542,7 @@ String InspectorClient::generate_dom_tree(JsonObject const& dom_tree)
 
                 builder.appendff("<span data-node-type=\"attribute\" data-tag=\"{}\" data-attribute-index={} class=\"editable\">", tag, dom_node_attributes.size());
 
                 builder.appendff("<span class=\"attribute-name\">{}</span>", name);
 
                 builder.append('=');
 
-                builder.appendff("<span class=\"attribute-value\">\"{}\"</span>", value_string);
 
+                builder.appendff("<span class=\"attribute-value\">\"{}\"</span>", escape_html_entities(value_string));
 
                 builder.append("</span>"sv);
 
 
                 dom_node_attributes.empend(MUST(String::from_byte_string(name)), MUST(String::from_byte_string(value_string)));

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5