authorGustavo Noronha Silva <gustavo.noronha@collabora.co.uk>2009-11-25 01:28:59 +0800
committerXavier Claessens <xclaesse@gmail.com>2009-11-25 07:21:15 +0800
commit2d9bbb26709398a1211312306ce5bee4b639f2a3 (patch)
treebc8f3d38e321c43e17a3a08e9384359f32945de8 /libempathy-gtk/empathy-theme-adium.c
parentb253440c84091dd88e619171330e895507abe40d (diff)
Escape what is put inside <a> tags
We should be careful here, and make sure whatever is enclosed by <a> tags is correctly encoded. What caused bug #597049 is that what was being linked to looked like a tag, so the browser ignored it, but this is potentially a security vulnerability. Bug #597049
Diffstat (limited to 'libempathy-gtk/empathy-theme-adium.c')
-rw-r--r--libempathy-gtk/empathy-theme-adium.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/libempathy-gtk/empathy-theme-adium.c b/libempathy-gtk/empathy-theme-adium.c
index a702ded6a..2e88ec1dd 100644
--- a/libempathy-gtk/empathy-theme-adium.c
+++ b/libempathy-gtk/empathy-theme-adium.c
@@ -228,12 +228,19 @@ theme_adium_replace_link (const gchar *text,
{
GString *string = user_data;
gchar *real_url;
+ gchar *str;
/* Append the link inside <a href=""></a> tag */
real_url = empathy_make_absolute_url_len (text, len);
g_string_append_printf (string, "<a href=\"%s\">", real_url);
- g_string_append_len (string, text, len);
+
+ /* The thing we are making a link of may contain
+ * characters which need escaping */
+ str = g_markup_escape_text (text, len);
+ g_string_append (string, str);
+ g_free (str);
+
g_string_append (string, "</a>");
g_free (real_url);