Escape what is put inside <a> tags

We should be careful here, and make sure whatever is put enclosed by
<a> tags is correctly encoded. What caused bug #597049 is that what
was being liked to looked like a tag, so the browser ignored it, but
this is potentially a security vulnerability.

Bug #597049

1 files changed, 8 insertions, 1 deletions

diff --git a/libempathy-gtk/empathy-theme-adium.c b/libempathy-gtk/empathy-theme-adium.c
index a702ded6a..2e88ec1dd 100644
--- a/libempathy-gtk/empathy-theme-adium.c
+++ b/libempathy-gtk/empathy-theme-adium.c
@@ -228,12 +228,19 @@ theme_adium_replace_link (const gchar *text,
 {
 	GString *string = user_data;
 	gchar *real_url;
+	gchar *str;
 
 	/* Append the link inside <a href=""></a> tag */
 	real_url = empathy_make_absolute_url_len (text, len);
 
 	g_string_append_printf (string, "<a href=\"%s\">", real_url);
-	g_string_append_len (string, text, len);
+
+	/* The thing we are making a link of may contain
+	 * characters which need escaping */
+	str = g_markup_escape_text (text, len);
+	g_string_append (string, str);
+	g_free (str);
+
 	g_string_append (string, "</a>");
 
 	g_free (real_url);