Merge pull request #93 from rnhmjoj/pr

escape html before parsing commonmark
pull/95/head
Joseph Donofry 5 years ago committed by GitHub
commit e34622d5ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 17
      src/Utils.cpp

@ -324,10 +324,25 @@ utils::linkifyMessage(const QString &body)
return doc; return doc;
} }
QByteArray escapeRawHtml(const QByteArray &data) {
QByteArray buffer;
const size_t length = data.size();
buffer.reserve(length);
for(size_t pos = 0; pos != length; ++pos) {
switch(data.at(pos)) {
case '&': buffer.append("&"); break;
case '<': buffer.append("&lt;"); break;
case '>': buffer.append("&gt;"); break;
default: buffer.append(data.at(pos)); break;
}
}
return buffer;
}
QString QString
utils::markdownToHtml(const QString &text) utils::markdownToHtml(const QString &text)
{ {
const auto str = text.toUtf8(); const auto str = escapeRawHtml(text.toUtf8());
const char *tmp_buf = const char *tmp_buf =
cmark_markdown_to_html(str.constData(), str.size(), CMARK_OPT_DEFAULT); cmark_markdown_to_html(str.constData(), str.size(), CMARK_OPT_DEFAULT);

Loading…
Cancel
Save