RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-14 09:04:59 +00:00
Code Issues Activity Actions

LibWebView: Escape HTML within attribute values in the Inspector HTML

Browse source 
If an attribute value contains HTML, let's make sure we render it as
text, instead of injecting HTML in the middle of an Inspector field.
This commit is contained in:
Timothy Flynn 2024-02-18 14:17:09 -05:00 committed by Andreas Kling
parent fd558a012b
commit 338f0382d3
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibWebView/InspectorClient.cpp
View file

@ -542,7 +542,7 @@ String InspectorClient::generate_dom_tree(JsonObject const& dom_tree)
builder.appendff("<span data-node-type=\"attribute\" data-tag=\"{}\" data-attribute-index={} class=\"editable\">", tag, dom_node_attributes.size());
builder.appendff("<span class=\"attribute-name\">{}</span>", name);
builder.append('=');
builder.appendff("<span class=\"attribute-value\">\"{}\"</span>", value_string);
builder.appendff("<span class=\"attribute-value\">\"{}\"</span>", escape_html_entities(value_string));
builder.append("</span>"sv);
dom_node_attributes.empend(MUST(String::from_byte_string(name)), MUST(String::from_byte_string(value_string)));