beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-25 00:50:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

LibWeb: Fix HTML injection on FrameLoader error page

Browse source 
Small regression introduced by 3857148, we still have to escape HTML
entities.
This commit is contained in:
Linus Groh 2021-04-22 10:17:00 +02:00
parent 696f23d7a0
commit 024fd9b957
Notes: sideshowbarker 2024-07-18 19:15:04 +09:00 
Author: https://github.com/linusg
Commit: https://github.com/SerenityOS/serenity/commit/024fd9b957a
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
View file

@ -229,8 +229,8 @@ void FrameLoader::load_error_page(const URL& failed_url, const String& error)
VERIFY(!data.is_null());
StringBuilder builder;
SourceGenerator generator { builder };
generator.set("failed_url", failed_url.to_string());
generator.set("error", error);
generator.set("failed_url", escape_html_entities(failed_url.to_string()));
generator.set("error", escape_html_entities(error));
generator.append(data);
auto document = HTML::parse_html_document(generator.as_string_view(), failed_url, "utf-8");
VERIFY(document);