d3v1l/matrixion
1
0
Fork 0
mirror of https://github.com/Nheko-Reborn/nheko.git synced 2024-11-22 03:00:46 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Attribute values can contain slashes

Browse source
This commit is contained in:
Nicolas Werner 2022-09-04 18:14:14 +02:00
parent e144c5741f
commit c6bf1e6508
No known key found for this signature in database
GPG key ID: C8D75E610773F2D9
1 changed files with 16 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
src/Utils.cpp
View file

@ -431,9 +431,10 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
"tbody", "/tbody", "tr", "/tr", "th", "/th", "td", "/td",
"caption", "/caption", "pre", "/pre", "span", "/span", "img", "/img",
"details", "/details", "summary", "/summary"};
constexpr static const std::array tagNameEnds = {' ', '>'};
constexpr static const std::array attrNameEnds = {' ', '>', '=', '\t', '\r', '\n', '/', '\f'};
constexpr static const std::array spaceChars = {' ', '\t', '\r', '\n', '\f'};
constexpr static const std::array tagNameEnds = {' ', '>'};
constexpr static const std::array attrNameEnds = {' ', '>', '=', '\t', '\r', '\n', '/', '\f'};
constexpr static const std::array attrValueEnds = {' ', '\t', '\r', '\n', '\f', '>'};
constexpr static const std::array spaceChars = {' ', '\t', '\r', '\n', '\f'};
QByteArray data = rawStr.toUtf8();
QByteArray buffer;
@ -535,16 +536,22 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
continue;
}
} else {
attrStart += 1;
auto valueEnd = std::find_first_of(attrStart,
attrsEnd,
attrNameEnds.begin(),
attrNameEnds.end());
attrValueEnds.begin(),
attrValueEnds.end());
auto val =
sanitizeValue(QByteArray(attrStart, valueEnd - attrStart));
attrStart = consumeSpaces(valueEnd);
if (val.contains('"'))
continue;
buffer.append(' ');
buffer.append(attrName);
buffer.append("=");
buffer.append(attrStart, valueEnd - attrStart);
attrStart = valueEnd;
buffer.append("=\"");
buffer.append(val);
buffer.append('"');
continue;
}
}