From d6f9349f15d3a1e309ee48eb20d07ef950078568 Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Thu, 7 Nov 2019 18:09:52 +0100 Subject: [PATCH] IRCClient: Escape HTML entities in nicknames, too, just in case --- Applications/IRCClient/IRCLogBuffer.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Applications/IRCClient/IRCLogBuffer.cpp b/Applications/IRCClient/IRCLogBuffer.cpp index 63ae0800337..dd969d85e81 100644 --- a/Applications/IRCClient/IRCLogBuffer.cpp +++ b/Applications/IRCClient/IRCLogBuffer.cpp @@ -44,7 +44,7 @@ static String timestamp_string() void IRCLogBuffer::add_message(char prefix, const String& name, const String& text, Color color) { - auto nick_string = String::format("<%c%s> ", prefix ? prefix : ' ', name.characters()); + auto nick_string = String::format("<%c%s> ", prefix ? prefix : ' ', name.characters()); auto html = String::format( "
" "%s" @@ -53,7 +53,7 @@ void IRCLogBuffer::add_message(char prefix, const String& name, const String& te "
", color.to_string().characters(), timestamp_string().characters(), - nick_string.characters(), + escape_html_entities(nick_string).characters(), escape_html_entities(text).characters()); auto fragment = parse_html_fragment(*m_document, html); m_container_element->append_child(fragment->remove_child(*fragment->first_child()));