system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-10-15 12:23:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibMarkdown: Wrap code block language string in escape_html_entities()

Browse source 
This would allow HTML injection as the string was inserted into the HTML
output with no sanitation whatsoever.

Fixes #7123.
This commit is contained in:
Linus Groh 2021-05-19 23:30:42 +01:00
parent 0a70e1728a
commit 9c19e62675
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibMarkdown/CodeBlock.cpp
View file

@ -39,7 +39,7 @@ String CodeBlock::render_to_html() const
if (style_language.is_empty())
builder.append("<code>");
else
builder.appendff("<code class=\"{}\">", style_language);
builder.appendff("<code class=\"{}\">", escape_html_entities(style_language));
if (style_language == "js")
builder.append(JS::MarkupGenerator::html_from_source(m_code));