LibMarkdown: Wrap code block language string in escape_html_entities()

This would allow HTML injection as the string was inserted into the HTML
output with no sanitation whatsoever.

Fixes #7123.
This commit is contained in:
Linus Groh 2021-05-19 23:30:42 +01:00
parent 0a70e1728a
commit 9c19e62675
Notes: sideshowbarker 2024-07-18 17:44:13 +09:00

View file

@ -39,7 +39,7 @@ String CodeBlock::render_to_html() const
if (style_language.is_empty())
builder.append("<code>");
else
builder.appendff("<code class=\"{}\">", style_language);
builder.appendff("<code class=\"{}\">", escape_html_entities(style_language));
if (style_language == "js")
builder.append(JS::MarkupGenerator::html_from_source(m_code));