mirror/MultiMC5
1
0
Fork 0
mirror of https://github.com/MultiMC/MultiMC5.git synced 2025-03-11 22:14:13 +00:00
Code Issues Projects Releases Wiki Activity

NOISUE Prevent potential HTML injection

Browse Source
This commit is contained in:
Jamie Mansfield 2021-12-24 15:20:34 +00:00
parent e35f2b6c2c
commit ddc094b76b
No known key found for this signature in database
GPG Key ID: 36F61598F39F67B0
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
launcher/ui/pages/modplatform/technic/TechnicPage.cpp
View File

@ -178,14 +178,12 @@ void TechnicPage::metadataLoaded()
QString name = current.name;
if (current.websiteUrl.isEmpty())
// This allows injecting HTML here.
text = name;
text = name.toHtmlEscaped();
else
// URL not properly escaped for inclusion in HTML. The name allows for injecting HTML.
text = "<a href=\"" + current.websiteUrl + "\">" + name + "</a>";
text = "<a href=\"" + current.websiteUrl.toHtmlEscaped() + "\">" + name.toHtmlEscaped() + "</a>";
if (!current.author.isEmpty()) {
// This allows injecting HTML here
text += tr(" by ") + current.author;
text += tr(" by ") + current.author.toHtmlEscaped();
}
text += "<br><br>";