mirror of
https://github.com/PrismLauncher/PrismLauncher.git
synced 2026-07-02 19:36:57 +03:00
Technic: Prevent potential HTML injection
This commit is contained in:
parent
d44fa416ca
commit
f267375ac2
1 changed files with 4 additions and 6 deletions
|
|
@ -202,14 +202,12 @@ void TechnicPage::metadataLoaded()
|
|||
QString name = current.name;
|
||||
|
||||
if (current.websiteUrl.isEmpty())
|
||||
// This allows injecting HTML here.
|
||||
text = name;
|
||||
text = name.toHtmlEscaped();
|
||||
else
|
||||
// URL not properly escaped for inclusion in HTML. The name allows for injecting HTML.
|
||||
text = "<a href=\"" + current.websiteUrl + "\">" + name + "</a>";
|
||||
text = "<a href=\"" + current.websiteUrl.toHtmlEscaped() + "\">" + name.toHtmlEscaped() + "</a>";
|
||||
|
||||
if (!current.author.isEmpty()) {
|
||||
// This allows injecting HTML here
|
||||
text += tr(" by ") + current.author;
|
||||
text += tr(" by ") + current.author.toHtmlEscaped();
|
||||
}
|
||||
|
||||
ui->frame->setModText(text);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue