Merge pull request #722 from Thulinma/noHtmlFixes

Fix two more HTML injection attacks.
This commit is contained in:
DeepBlueV7.X 2021-09-11 22:19:44 +00:00 committed by GitHub
commit e88ab89c18
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 3 deletions

View file

@ -77,7 +77,7 @@ RoomsModel::data(const QModelIndex &index, int role) const
return QString::fromStdString( return QString::fromStdString(
roomInfos.at(roomids[index.row()]).avatar_url); roomInfos.at(roomids[index.row()]).avatar_url);
case Roles::RoomID: case Roles::RoomID:
return roomids[index.row()]; return roomids[index.row()].toHtmlEscaped();
} }
} }
return {}; return {};

View file

@ -16,8 +16,8 @@ struct Reaction
Q_PROPERTY(int count READ count) Q_PROPERTY(int count READ count)
public: public:
QString key() const { return key_; } QString key() const { return key_.toHtmlEscaped(); }
QString users() const { return users_; } QString users() const { return users_.toHtmlEscaped(); }
QString selfReactedEvent() const { return selfReactedEvent_; } QString selfReactedEvent() const { return selfReactedEvent_; }
int count() const { return count_; } int count() const { return count_; }