beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-25 00:50:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

LibWebView: Escape HTML entities in attribute names

Browse source 
Otherwise, we can embed invalid HTML in the Inspector web view.
This commit is contained in:
Timothy Flynn 2024-07-29 17:23:52 -04:00 committed by Andreas Kling
parent 657bbd1542
commit 93f2af38b1
Notes: github-actions[bot] 2024-07-30 07:42:28 +00:00 
Author: https://github.com/trflynn89
Commit: https://github.com/LadybirdBrowser/ladybird/commit/93f2af38b16
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/894
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibWebView/InspectorClient.cpp
View file

@ -544,7 +544,7 @@ String InspectorClient::generate_dom_tree(JsonObject const& dom_tree)
builder.append(" "sv);
builder.appendff("<span data-node-type=\"attribute\" data-tag=\"{}\" data-attribute-index={} class=\"editable\">", tag, dom_node_attributes.size());
builder.appendff("<span class=\"attribute-name\">{}</span>", name);
builder.appendff("<span class=\"attribute-name\">{}</span>", escape_html_entities(name));
builder.append('=');
builder.appendff("<span class=\"attribute-value\">\"{}\"</span>", escape_html_entities(value_string));
builder.append("</span>"sv);