mirror of
https://github.com/Nheko-Reborn/nheko.git
synced 2024-11-26 04:58:49 +03:00
Attribute values can contain slashes
This commit is contained in:
parent
e144c5741f
commit
c6bf1e6508
1 changed files with 16 additions and 9 deletions
|
@ -433,6 +433,7 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
|
||||||
"details", "/details", "summary", "/summary"};
|
"details", "/details", "summary", "/summary"};
|
||||||
constexpr static const std::array tagNameEnds = {' ', '>'};
|
constexpr static const std::array tagNameEnds = {' ', '>'};
|
||||||
constexpr static const std::array attrNameEnds = {' ', '>', '=', '\t', '\r', '\n', '/', '\f'};
|
constexpr static const std::array attrNameEnds = {' ', '>', '=', '\t', '\r', '\n', '/', '\f'};
|
||||||
|
constexpr static const std::array attrValueEnds = {' ', '\t', '\r', '\n', '\f', '>'};
|
||||||
constexpr static const std::array spaceChars = {' ', '\t', '\r', '\n', '\f'};
|
constexpr static const std::array spaceChars = {' ', '\t', '\r', '\n', '\f'};
|
||||||
|
|
||||||
QByteArray data = rawStr.toUtf8();
|
QByteArray data = rawStr.toUtf8();
|
||||||
|
@ -535,16 +536,22 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
attrStart += 1;
|
|
||||||
auto valueEnd = std::find_first_of(attrStart,
|
auto valueEnd = std::find_first_of(attrStart,
|
||||||
attrsEnd,
|
attrsEnd,
|
||||||
attrNameEnds.begin(),
|
attrValueEnds.begin(),
|
||||||
attrNameEnds.end());
|
attrValueEnds.end());
|
||||||
|
auto val =
|
||||||
|
sanitizeValue(QByteArray(attrStart, valueEnd - attrStart));
|
||||||
|
attrStart = consumeSpaces(valueEnd);
|
||||||
|
|
||||||
|
if (val.contains('"'))
|
||||||
|
continue;
|
||||||
|
|
||||||
buffer.append(' ');
|
buffer.append(' ');
|
||||||
buffer.append(attrName);
|
buffer.append(attrName);
|
||||||
buffer.append("=");
|
buffer.append("=\"");
|
||||||
buffer.append(attrStart, valueEnd - attrStart);
|
buffer.append(val);
|
||||||
attrStart = valueEnd;
|
buffer.append('"');
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue