We use cookies to ensure you get the best experience on our website
Página inicial Explorar Ajuda
Registrar Entrar
0ct0pu5
/
ladybird
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Ver código fonte

LibWebView: Escape HTML within attribute values in the Inspector HTML

If an attribute value contains HTML, let's make sure we render it as
text, instead of injecting HTML in the middle of an Inspector field.
Timothy Flynn 1 ano atrás
pai
fd558a012b
commit
338f0382d3
1 arquivos alterados com 1 adições e 1 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 1 1
      Userland/Libraries/LibWebView/InspectorClient.cpp

+ 1 - 1
Userland/Libraries/LibWebView/InspectorClient.cpp
Ver arquivo 

@@ -542,7 +542,7 @@ String InspectorClient::generate_dom_tree(JsonObject const& dom_tree)
 
                 builder.appendff("<span data-node-type=\"attribute\" data-tag=\"{}\" data-attribute-index={} class=\"editable\">", tag, dom_node_attributes.size());
 
                 builder.appendff("<span class=\"attribute-name\">{}</span>", name);
 
                 builder.append('=');
 
-                builder.appendff("<span class=\"attribute-value\">\"{}\"</span>", value_string);
 
+                builder.appendff("<span class=\"attribute-value\">\"{}\"</span>", escape_html_entities(value_string));
 
                 builder.append("</span>"sv);
 
 
                 dom_node_attributes.empend(MUST(String::from_byte_string(name)), MUST(String::from_byte_string(value_string)));

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5