beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-22 15:40:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

LibMarkdown: Wrap code block language string in escape_html_entities()

Browse source 
This would allow HTML injection as the string was inserted into the HTML
output with no sanitation whatsoever.

Fixes #7123.
This commit is contained in:
Linus Groh 2021-05-19 23:30:42 +01:00
parent 0a70e1728a
commit 9c19e62675
Notes: sideshowbarker 2024-07-18 17:44:13 +09:00 
Author: https://github.com/linusg
Commit: https://github.com/SerenityOS/serenity/commit/9c19e626754
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibMarkdown/CodeBlock.cpp
View file

@ -39,7 +39,7 @@ String CodeBlock::render_to_html() const
if (style_language.is_empty()) if (style_language.is_empty())
builder.append("<code>"); builder.append("<code>");
else else
builder.appendff("<code class=\"{}\">", style_language); builder.appendff("<code class=\"{}\">", escape_html_entities(style_language));
if (style_language == "js") if (style_language == "js")
builder.append(JS::MarkupGenerator::html_from_source(m_code)); builder.append(JS::MarkupGenerator::html_from_source(m_code));