From 1659176c0d49c51cb2e20e2a4c1e823ffb2c6446 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Sat, 21 Sep 2019 01:38:17 +0200 Subject: [PATCH] escape html before parsing commonmark --- src/Utils.cpp | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/Utils.cpp b/src/Utils.cpp index 5c664b7c..8c02b1c2 100644 --- a/src/Utils.cpp +++ b/src/Utils.cpp @@ -324,10 +324,25 @@ utils::linkifyMessage(const QString &body) return doc; } +QByteArray escapeRawHtml(const QByteArray &data) { + QByteArray buffer; + const size_t length = data.size(); + buffer.reserve(length); + for(size_t pos = 0; pos != length; ++pos) { + switch(data.at(pos)) { + case '&': buffer.append("&"); break; + case '<': buffer.append("<"); break; + case '>': buffer.append(">"); break; + default: buffer.append(data.at(pos)); break; + } + } + return buffer; +} + QString utils::markdownToHtml(const QString &text) { - const auto str = text.toUtf8(); + const auto str = escapeRawHtml(text.toUtf8()); const char *tmp_buf = cmark_markdown_to_html(str.constData(), str.size(), CMARK_OPT_DEFAULT);