LibWeb: Fix HTML injection on FrameLoader error page

Small regression introduced by 3857148, we still have to escape HTML entities.
2024-07-21 18:15:58 +00:00 · 2021-04-22 10:17:00 +02:00 · 2021-04-22 10:17:00 +02:00 · 024fd9b957
parent 696f23d7a0
commit 024fd9b957
1 changed files with 2 additions and 2 deletions
--- a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
+++ b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
@ -229,8 +229,8 @@ void FrameLoader::load_error_page(const URL& failed_url, const String& error)
            VERIFY(!data.is_null());
            StringBuilder builder;
            SourceGenerator generator { builder };
-            generator.set("failed_url", failed_url.to_string());
-            generator.set("error", error);
+            generator.set("failed_url", escape_html_entities(failed_url.to_string()));
+            generator.set("error", escape_html_entities(error));
            generator.append(data);
            auto document = HTML::parse_html_document(generator.as_string_view(), failed_url, "utf-8");
            VERIFY(document);