RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 13:57:34 +00:00
Code Issues Activity Actions

LibMarkdown: Wrap code block language string in escape_html_entities()

Browse source 
This would allow HTML injection as the string was inserted into the HTML
output with no sanitation whatsoever.

Fixes #7123.
This commit is contained in:
Linus Groh 2021-05-19 23:30:42 +01:00
parent 0a70e1728a
commit 9c19e62675
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibMarkdown/CodeBlock.cpp
View file

@ -39,7 +39,7 @@ String CodeBlock::render_to_html() const
if (style_language.is_empty()) if (style_language.is_empty())
builder.append("<code>"); builder.append("<code>");
else else
builder.appendff("<code class=\"{}\">", style_language); builder.appendff("<code class=\"{}\">", escape_html_entities(style_language));
if (style_language == "js") if (style_language == "js")
builder.append(JS::MarkupGenerator::html_from_source(m_code)); builder.append(JS::MarkupGenerator::html_from_source(m_code));