Attribute values can contain slashes

Nicolas Werner 2022-09-04 18:14:14 +02:00
parent e144c5741f
commit c6bf1e6508
No known key found for this signature in database
GPG key ID: C8D75E610773F2D9


@ -431,9 +431,10 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
"tbody", "/tbody", "tr", "/tr", "th", "/th", "td", "/td", "tbody", "/tbody", "tr", "/tr", "th", "/th", "td", "/td",
"caption", "/caption", "pre", "/pre", "span", "/span", "img", "/img", "caption", "/caption", "pre", "/pre", "span", "/span", "img", "/img",
"details", "/details", "summary", "/summary"}; "details", "/details", "summary", "/summary"};
constexpr static const std::array tagNameEnds = {' ', '>'}; constexpr static const std::array tagNameEnds = {' ', '>'};
constexpr static const std::array attrNameEnds = {' ', '>', '=', '\t', '\r', '\n', '/', '\f'}; constexpr static const std::array attrNameEnds = {' ', '>', '=', '\t', '\r', '\n', '/', '\f'};
constexpr static const std::array spaceChars = {' ', '\t', '\r', '\n', '\f'}; constexpr static const std::array attrValueEnds = {' ', '\t', '\r', '\n', '\f', '>'};
constexpr static const std::array spaceChars = {' ', '\t', '\r', '\n', '\f'};
QByteArray data = rawStr.toUtf8(); QByteArray data = rawStr.toUtf8();
QByteArray buffer; QByteArray buffer;
@ -535,16 +536,22 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
continue; continue;
} }
} else { } else {
attrStart += 1;
auto valueEnd = std::find_first_of(attrStart, auto valueEnd = std::find_first_of(attrStart,
attrsEnd, attrsEnd,
attrNameEnds.begin(), attrValueEnds.begin(),
attrNameEnds.end()); attrValueEnds.end());
auto val =
sanitizeValue(QByteArray(attrStart, valueEnd - attrStart));
attrStart = consumeSpaces(valueEnd);
if (val.contains('"'))
continue;
buffer.append(' '); buffer.append(' ');
buffer.append(attrName); buffer.append(attrName);
buffer.append("="); buffer.append("=\"");
buffer.append(attrStart, valueEnd - attrStart); buffer.append(val);
attrStart = valueEnd; buffer.append('"');
continue; continue;
} }
} }
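Review bot: In the unquoted-value branch of the second hunk, the `val.contains('"')` check is the only thing keeping a value from closing the newly added `="`…`"` wrapper and injecting further attributes, yet nothing in the code states that invariant. I would add a comment above the check such as `// val is written between double quotes below; a '"' inside it would end the attribute early, so drop the attribute instead of emitting it`. It should also say that the check has to stay after `sanitizeValue`, whose body is not visible here, so whether it can itself produce a `"` (for example by decoding an entity) should be confirmed. If the commit has no test elsewhere, two regression cases would pin the behaviour: an unquoted value containing `/`, and one containing `"`. `escapeBlacklistedHtml` starts and ends outside both hunks, so the handling of quoted values and of `attrName` could not be reviewed.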